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MERGER OPENS DOORS TO 
ENTERPRISE ARCHITECTURE 

With acquisition of Popkin, Telelogic brings 
requirements to high-level modeling 



BY DAVID RUBINSTEIN 

Jan Popkin repeated it like a 
mantra. "System Architect and 
DOORS. System Architect 
and DOORS." 

The founder of Popkin Soft- 
ware, which makes the System 
Architect enterprise modeling 
and architecture software, said 
his software was always running 
into the requirements manage- 
ment tool from Telelogic in mil- 
itary and defense projects, such 
as those involved with the De- 
partment of Defense Architec- 
ture Framework (DODAF). 

"We had an interface, but 
now there's opportunity for tight 
integration," Popkin said of the 



announcement last month that 
Telelogic had acquired Popkin 
for US$45 million. 

According to Ingmar Ljung- 
vahl, CTO of Telelogic, "The 
main objective with System 
Architect is to expand in the 
modeling area, with DODAF 
and business process modeling." 

The companies, both men 
said, match up well on a number 
of fronts. Ljungvahl noted that 
Telelogic's revenue comes pri- 
marily from Europe and Asia 
(62 percent) while Popkin's is 
derived from U.S. customers (64 
percent). 

"It works both ways," Popkin 
► continued on page 21 



Can VSTO Align 
Developers With 
Power Users? 

Visual Studio 2005 Tools for Office 
extend apps authored in Excel, Word 



BY JENNIFER DEJONG 

Never the closest of col- 
leagues, enterprise developers 
and power users who write 
mini-applications in Microsoft 
Office may soon find them- 
selves teaming up around joint 
programming efforts. 

It is yet to be seen whether 
enterprise developers will 
embrace the opportunity to 
extend and manage applications 
authored by users of Excel, 
Word and InfoPath (the new 
forms application in Office). Rut 



that is Microsoft's vision for 
Visual Studio Tools for Office 
2005, expected later this year. 

The company last month 
released beta 2 of Visual Studio 
2005 Tools for Microsoft Office 
System (VSTO), available at 
lab.msdn.microsoft.com/vs2005 
/get. Unlike the 2003 offering, 
it is expected to allow develop- 
ers to open Excel, Word and 
InfoPath from within Visual 
Studio, easing the task of adding 
advanced capabilities to pro- 
► continued on page 13 



ALL IN THE VISUAL STUDIO FAMILY 


Visual Studio 2005, expected 


developers working alone) 


later this year, will include the 
following editions: 


• Team System (for role- 
based, application life-cycle 


• Express (for students and 


management) 


hobbyists) 


• Tools for Office (for profes- 


• Professional (for corporate 


sional developers building 


developers and ISVs) 


applications based on 


• Standard (for professional 


Microsoft Office) 

Source: Microsoft 



Fujitsu Targets American Market 

Company's plan for growth is to tie software to hardware 




,n.', E& 

m-li 1 1 I iV.:-:.-V^ 



The plan is to introduce Interstage 
in stages, says Fujitsu's Sepanloo. 



BY YVONNE L. LEE 

It's a company with a decades- 
long history in mainframe com- 
puters that is trying to use that 
experience to help an existing 
enterprise customer base and to 
migrate many of those customers 
to Web services applications. 

That company is not based in 
New York, but in Tokyo. The 
U.S. headquarters are not in 
Armonk, but in Sunnyvale, Calif. 

It's Fujitsu, a technology 
giant particularly known for its 
mainframes, storage hardware 
products such as storage area 
networks, and tape and optical 

SPECIAL REPORT 

Evolving the Java Platform 



drives, all the way down to its 
Spansion line of flash memory. 

However, the company, 
which posted global sales rev- 
enue of approximately US$44.5 
billion in the fiscal year that 
ended March 31, 2005, derives 
the lion's share of revenue, 
$19.4 billion, from software and 
services. That compares with 
only $15.9 billion for the next- 
highest-grossing business unit, 
platforms, which includes its 
well-regarded mainframes. 

"I'm surprised that they make 

more money in software than in 

► continued on page 16 
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Security: More Than Good Programming 



BY ALAN ZEICHICK 

Why are there so many vulner- 
abilities in software applica- 
tions? Poor programming 
practices — that's the most 
common response given in a 
new BZ Research survey. In 
that study, conducted in mid- 
April, 55.9 percent of respon- 
dents blamed poor program- 
ming practices, 55.6 percent 
cited poor design and architec- 
ture, and 50.1 percent said that 
the issue was a lack of develop- 
er security training. 

Other oft-cited reasons 
included inadequate testing 
and quality assurance (48.1 per- 
cent), insufficient management 
emphasis on security (43.3 per- 
cent), flaws in software compo- 
nents and libraries (42.5 per- 
cent) and poor deployment and 
administrative practices (42.0 
percent). 



"Get developers trained, and 
develop a formal methodology 
for testing code," said Robert T. 
Harlton, president of JRWH 
Enterp rises. 

Philippe Bollinne, a senior 
developer, wrote, "Analysts 
must build their problem's 
definition with security in 
mind. Developers must design 
their solution with tools built 
on secure components and 
involving security checks. Pro- 
ject managers must be much 
more involved in security tests 
than in wony about cost and 
delay." 

A more technical sugges- 
tion came from Boris Kolar of 
Globera: "Use a high-level 
programming language like 
Java, C#, or Eiffel. Use Princi- 
ple of Least Privilege. Use 
Design by Contract. Use two 
(or more) factor authentica- 



tion. Think about security 
from the start." 

One reason for vulnerabili- 
ties that the study didn't ask 
about was mentioned in several 
responses, as typified by this 
comment by Henrik Lykke 
Nielsen, a software architect 
with Captator in Denmark: 
"Many serious security prob- 
lems are first and foremost due 
to bad user habits and lack of 
user education." 

Another respondent agreed. 
"Security is not just for IT. 
Majority of the breaks are due to 
human factors — from lack of 
training to plain stupidity to 
unwillingness to think," said 
Amin Adatia, president of 
KnowTech Solutions in Canada. 

The study was completed by 
383 software development 
managers, out of a base of 6,344 
invited. The margin of error is 
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Do your software development tools help 
promote the creation of secure applications? 




33,9% 
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2.5 percentage points. BZ Be- 
search is a subsidiary of BZ 
Media, publisher of SD Times. 

WHERE ARE THE PROBLEMS? 

Security problems might crop up 
anywhere. When asked where 
the respondent (or the respon- 
dent's company) has experienced 
vulnerabilities in the past 12 
months, by far the biggest prob- 
lem area was on the desktop 
operating system, with 63.2 per- 
cent reporting issues there. 
Desktop applications came in 
second place (48.4 percent), fol- 
lowed by server operating sys- 
tems (43.3 percent), Web servers 
(40.8 percent), Web applications 
(39.1 percent) and server appli- 
cations (24.9 percent). 

Database servers had re- 
cent problems, according to 
23.8 percent of the respon- 



Top Ten, Other Lists Catalog Security Threats 

They raise awareness, offer fixes, but are 'just the tip of the iceberg' 



BY JENNIFER DEJONG 

As security concerns take cen- 
ter stage, a handful of Internet 
resources aims to identify appli- 
cation flaws developers may 
have to do battle with. 

The OWASP Top Ten 
(www.owasp.org/documentation 
/topten.html) is a list of Web 
application security flaws main- 
tained by the Open Web Appli- 
cation Security Project. The 
list, which includes advice on 
how to fix flaws, is based on "a 
broad consensus of security 
experts from around the world 
who have shared their expertise 
to produce this list," according 
to the not-for-profit organiza- 
tion's Web site. 

The CEBT Coordination 
Center (CEBT/CC) publishes 



a list of vulnerabilities, inci- 
dents and fixes (www.kb.cert 
.org/vuls), based on reports 
submitted by users. It includes 
application vulnerabilities 
such as SQL injections, cross- 
site scripting, parameter tam- 
pering and buffer overflows, as 
well as viruses and other Inter- 
net threats. CEBT/CC is 
maintained by the Software 
Engineering Institute, a feder- 
ally funded research center at 
Carnegie Mellon University, in 
Pittsburgh. 

Another entry the Common 
Vulnerabilities and Exposures 
(CVE) list (www.cve. mitre 
.org/cve), is not a database, per 
se. It aims to standardize the 
names for all publicly known 
vulnerabilities and security 



exposures. Maintained by the 
not-for-profit Mitre Corp., the 
listing is designed to make it 
easier to search for informa- 
tion in security databases, such 
as the one maintained by 
CEBT/CC. 

Such listings are much 
needed in that they help cre- 
ate awareness about security 
concerns, said Boger Thorn- 
ton, chief scientist at Palo 
Alto, Calif. -based Fortify, 
which sells source code analy- 
sis and simulation testing 
tools. But simply cataloging 
threats such as SQL in- 
jections — where a hacker 
"injects" a SQL call to get at 
data that is intended to be off 
limits — is not enough. "From 
the outside, all SQL injections 



look the same. But there are 
five or six ways to set up a call 
that has SQL injections." The 
developer needs to know how 
to identify all of them, he said. 
Such listings are far from 
exhaustive. "They are just the 
tip of the iceberg," said John 
Carpenter, a product manager 
at Detroit-based Compuware, 
which sells a wide range of 
application security tools, 
among other offerings. As the 
application security industry 
evolves, there will be more and 
more centralized resources that 
catalog vulnerabilities, he said. 
The need is not likely to go 
away. "Hackers are creating 
new attacks, new ways to break 
apps and steal information all 
the time." I 



dents; application servers were 
at 22.1 percent, and Web ser- 
vices and middleware were cit- 
ed by 14.7 percent. 

An area the study didn't ask 
about was e-mail as a cause of 
security vulnerabilities — and 
this oversight was commented 
on by many respondents. "It's 
important to not ask users ques- 
tions they will always get wrong, 
like [asking permission to] run a 
program attached to an e-mail 
message," said Wes Peters, prin- 
cipal engineer with St. Bernard 
Software — because users are 
likely to grant permission even 
when they shouldn't. 

Interestingly, the network 
was often blamed for problems. 
In the study, 35.4 percent said 
that there were security vulner- 
abilities at the firewall in the 
past year, and 23.5 percent 
mentioned the wireless net- 
work. "The security of WiFi 
client and server apps is at the 
forefront of my concern," said 
one respondent, who preferred 
not to be identified. 

The least troublesome areas? 
Identity management systems 
(6.2 percent), device drivers 
(7.1 percent) and managed run- 
times and virtual machines (7.4 
percent). 

OS PERCEPTIONS 

The study asked development 
managers how secure common 
server operating systems were 
against operating-system-relat- 
ed hacks. For three of the plat- 
forms cited — Mac OS X, 
OS/400 and z/OS— too few 
respondents answered the ques- 
tion for it to be statistically valid. 
Within the other operating 
systems, Unix was seen as least 
vulnerable, as 7.5 percent rated 
it secure/very secure, while 9 
► continued on page 24 
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WebSphere MQ Gets Web Services 



IBM integration siblings revved for business process management 

by Jennifer dejong major update to its messaging WebSphere Business Integra- Chief among the 150 im- 

IBM continued to mature its middleware WebSphere MQ, tion Modeler and WebSphere provements to WebSphere MQ 

WebSphere integration offer- as well as minor enhancements Business Integration (WBI) 6.0 is direct support for Web 

ings last month, announcing a to WebSphere MQ Workflow, Server Express. services, opening IBM's propri- 
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etary messaging technology to 
a wider set of applications. 

"You can flow SOAP mes- 
sages over MQ," said Scott 
Crosby, IBM's program direc- 
tor for WebSphere product 
management. 
Developers 
could enable 
Web services 

in the prior ^^^^^^^^^_ 
version, but doing so required a 
significant amount of hand- 
coding. Crosby said that using 
Web services within MQ pro- 
vides a benefit that Web ser- 
vices alone don't offer: the abil- 
ity to "queue" a Web service 
(the same way MQ queues any 
message), even if that service is 
down at the point it is invoked. 
Other Web services updates 
include the ability to compress 
XML messages to half of their 
original size before they move 
across MQ, resulting in faster 
transmission. 

Like other members of the 
IBM Software Development 
Platform, WebSphere MQ 6.0, 
promised for late May, now 
sports a user interface based on 
version 3.0 of the Eclipse 
framework, providing more of a 
"drag and drop" look and feel. 
Also new is the ability to use the 
FTP protocol from within MQ, 
instead of having to open up a 
separate tool, such as Microsoft 
Windows Explorer, to do that. 
FTP is still widely used, partic- 
ularly by small businesses, 
Crosby noted. 

For developers using MQ 
with IBM's zSeries and main- 
frame computers, 6.0 provides 
support for larger 4GB queues, 
up from 1GB, as well as the 
ability to grow queues dynami- 
cally as needed, easing the 
task of allocating mainframe 
resources, Crosby said. Also 
new is support for Linux appli- 
cations running on IBM's Pow- 
erPC chip, and for 64-bit oper- 
ating systems, such as AIX, 
HP-UX and Solaris 10. Pre- 
built code snippets simplify the 
task of connecting to main- 
frame CICS environments and 
to applications running on 
Microsoft's .NET Framework, 
he added. 

SIBLINGS SPIFFED UP, TOO 

A companion to MQ, Web- 
Sphere MQ Workflow lets 
developers more easily manage 
complex business processes, 
such as opening a new account, 
which require multiple applica- 
tions and people to interact, 
according to Crosby. New to 3.6 
► continued on page 25 
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consummate adj. (korvs.um it, koir so-mat} 

1 . Complete or perfect in every respect 

2. Suprennely accomplished or skilled 
3„ Complete 
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IBM Won't Make Smalltalk Anymore 

Big Blue gives two-pronged transfer strategy for users of erstwhile object-oriented language 



BY YVONNE L. LEE 

IBM in late April announced 
an end-of-service plan for 
VisualAge Smalltalk version 6, 
which will be discontinued 



after April 30, 2006. 

"By that time, VisualAge 
Smalltalk will have had 12 
years of success in the market- 
place," said VisualAge transi- 



tion manager Greg Bonadies, 
who said the company decided 
to end VisualAge Smalltalk 
because of general market- 
place directions, customers' IT 



investment patterns and IBM's 
software groups' portfolio 
strategy, all of which are mov- 
ing toward Java, J2EE, Web 
services and SOA. 
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IBM has a two-pronged 
approach for migrating its cus- 
tomers: one that it calls "acceler- 
ated transformation," where 
customers move from Smalltalk 
to Java, and another it calls 
"staged transformation," a slow- 
er process under which cus- 
tomers continue with their 
Smalltalk implementations. 

Bonadies said the accel- 
erated transformation would 
include migration automation 
tools and bridge products from 
several third-party companies. 

"The one we work with quite 
a bit is Synchrony Systems, out 
of New York City," he said. 

For the staged transforma- 
tions, IBM has signed an agree- 
ment with Instantiations to sell 
and advance IBM's VisualAge 
Smalltalk under the name VA 
Smalltalk. Instantiations is free 
to advance the language, which 
will be 100 percent compatible 
with the VisualAge Smalltalk 
codebase. 

Instantiations characterized 
the move as a partnership, but 
an IBM spokesman who asked 
not to be named said it did not 
meet IBM's legal definitions of 
a partnership and that the 
agreement was a way to end the 
life of the product while still 
providing support for its cur- 
rent customers. 

IBM retains ownership of the 
VisualAge intellectual property, 
according to Instantiations CEO 
Mike Taylor. "We're not buying 
anything," he said. "We're licens- 
ing the technology and the right 
to redistribute it from them. 
IBM retains intellectual proper- 
ty rights." 

According to Taylor, Instan- 
tiations' corporate history goes 
back to Smalltalk's creation. 
"Our roots go back to the very 
beginning days of Smalltalk, to 
1980 when it was part of Xerox 
PABC," he said. The company's 
co-founders developed the first 
commercial version of Smalltalk 
at Tektronix in 1984, he added. 

IBM customers with Visu- 
alAge Smalltalk support agree- 
ments can purchase Instantia- 
tions' VA Smalltalk version 7.0 
for US$1,495, which includes 12 
months of support, maintenance 
and new releases. New licenses 
are priced at $6,995. 

In addition to the migration 
paths, IBM will offer support 
extensions to customers who 
need them, he said. I 
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Achieve major improvements In software development performance through 
better toal integration and process automation. Manage defects, 
development issues, and change requests with award -winning TestTracfc Pro 
and gain complete control over your source code and change process with 
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rich, highly scalable, Wab enabled, and cross platform. Streamline your 
development process with Seapine CM and help your team detiver quality 
software products on lime, every time. 




SiirrLHTia ecM 
9ixjic<i Cii:r.ii::i 




T-sslTruG* Pid 

H*IlIl: M.iiULjuiriijnl 




AltlOTTlBtUU T-HLrj'rg 



Learn more abou* the 

Seapine CM suite at 

www. sea p i nexo m 

or call 1-888-683-6456 




fl SK4 SrtrJTiB IfeAvrt™. mi *l r'ahie ruser,**! rfcnDuHd 5CU Nrrifrjisfc Vm. yr<i QA Wurd wi &*h*r rBgmt* sd HndBiiH'tein h*dmtin*» & 1 S9ftp^"» S0h"U'n. In-. 



10 



NEWS 



Software Development Times . May 15, 2005 . 



www.sdtimes.com 



Staying Ahead of the Database Curve 

DBArtisan supports features in SQL Server 2005, MySQL 5 

by edward J. correia DBArtisan 8.1, a version of its MySQL. The tool was demon- According to Robin Schu- 

Why wait for Microsoft and database development tool that strated at the MySQL User macher, Embarcadero's vice 

MySQL? Embarcadero Tech- supports features in upcoming Conference in Santa Clara in president of product manage- 

nologies in June is set to release versions of SQL Server and mid- April. merit, version 8.1 will be com- 
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patible with major modifica- 
tions of the much-delayed 
SQL Server 2005. "The data 
dictionary was completely 
gutted," he said, 
don't support 
products, [but] 
has been elongated" from its 
original June 2005 time frame, 
he said. 

The data dictionary con- 
tains key database informa- 
tion, including tables and user 
permissions. "It's been rewrit- 
ten in a lot of ways, so we had 
to do some work so we could 
actually tolerate it," he said. 
IBM's DB2, Oracle, Sybase 
and current versions of SQL 
Server also are supported. 
Pricing remains at US$1,895 
per seat. 

Also new in version 8.1 is 
support for MySQL databases 
version 3.23 and higher, 
including some features in 
version 5, now in beta. "We 
can connect and work with 
[MySQL 5], but we haven't 
fully enabled stored proce- 
dures, triggers and views," 
Schumacher noted. 

Supported MySQL 5 fea- 
tures include creation and edit- 
ing of tables and indexes, user 
and permission management, 
and external functions, such as 
migration from other databases 
to MySQL. "For example, we 
can take an Oracle database, 
convert all the data types, cre- 
ate a MySQL database and 
move all the data over," Schu- 
macher said. 

Also new and benefiting all 
users, he said, is rewritten con- 
nectors. "This gives major per- 
formance improvements across 
the board, not just for MySQL 
customers. This is helpful for 
people with large numbers of 
database objects." The connec- 
tors, formerly in C+ + , are now 
written in Java. 

EXTREME TESTING 

Also in June, the company 
plans to release Extreme Test 
1.8, an update to its load-test- 
ing tool that Schumacher said 
can now create load tests from 
user trace files. "That means 
that an Oracle user's activities 
can be traced and turned into 
simulated tests that can be 
run against an Oracle data- 
base. It's an easy way of simu- 
lating activity over and over 
without coding." 

The new edition also adds 
support for Apache Tomcat, 
Gentoo Linux, Oracle lOg and 
PostgreSQL, he said, and sports 
an improved user interface. I 
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A Different Approach to Load Balancing 



Appistry renames, revs HiveCreator for performance, adds async API 



BY EDWARD J. CORREIA 

Appistry Inc., which changed its 
name from Tsunami Research to 
distance itself from the Dec. 26 
Indian Ocean disaster, in mid- 
April released Enterprise Appli- 
cation Fabric 2.3, an update to 
its fault-tolerance software layer 
for C/C++ and Java applications 
that it says is now far faster and 
more easily managed. 

Enterprise Application Fab- 
ric (EAF) is software for Linux 
and Windows that divides 
application workload across 
multiple enterprise machines, 
which in theory boosts perfor- 
mance and adds reliability. It 
also frees the developer from 
having to perform those func- 
tions with code or expensive 
high-availability systems. "A lot 
of the hardest [development] 
work is figuring out how to 
make [apps] dependable and 
scalable," said Appistry CEO 
Kevin Haar. "Where someone 
might deploy a Tandem for 
a fault-tolerant transactional 
application, they can now 
deploy an application fabric," 
added Sam Charrington, the 
company's vice president of 
product management and mar- 
keting. 

The software, which now 
adds support for Red Hat Enter- 
prise Linux 3, costs US$1,950 
per processor, per year for 
machines deployed in the fabric. 

Haar said that many of the 
performance improvements in 
version 2.3 came as a result of 
changes requested by Sprint, a 
customer that was using the 
solution to build its operational 
support systems (OSS). "Sprint 
needed to find ways to speed up 
the number of transactions per 
processor," Haar said. 

Charrington said that in its 
previous incarnation, as Hive- 
Creator 2.0, the software used a 
blocking API, but the OSS 
application that Sprint was test- 
ing was processing asynchro- 
nous events. "So we created an 
asynchronous API that was more 
amenable to the way Sprint envi- 
sioned using the product and 
resulted in a tremendous perfor- 
mance increase." 

Charrington said the 
changes also forced Appistry to 
focus on die way the software 
was balancing application work- 
loads, which resulted in a more 
even load distribution across the 
application fabric. "For exam- 



ple, Sprint envisioned using fan- 
less, low-power [appliances] in 
addition to high-power multi- 
CPU servers." That required 
Appistry to tweak the load-bal- 



ancing algorithms to take into 
account the capacity of the tar- 
get processor. "Now the load 
balancer can deal with widely 
varying processor resources," 



Haar said. "Loads are distrib- 
uted now so that large and small 
machines get loads they can 
deal with," Charrington said. 
When asked of the reasons 



for changing the company 
name, Haar recently told the 
Wall Street Journal: "Maybe 
[the tsunami] has nothing to do 
with us, but it will hang in the 
air for a long time. We don't 
want the first five minutes of 
discussion for the next 20 years 
to be about the tsunami that 
killed so many people." I 
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Aligning Developers, Power Users 



4 continued from page 1 

grams written in those desktop 
applications. VSTO 2003 forced 
developers to switch back and 
forth between the IDE and the 
Office application, said Micro- 
soft's BJ Holtgrewe, senior 
product manager for VSTO. 

When used within Team Sys- 
tem 2005, the high-end, role- 
based edition of Visual Studio, 
VSTO 2005 also will enable 
developers to manage and 
ensure the security of source 
code from programs created in 
Office, in much the same way 
Team System is expected to do 
that for enterprise applications 
written in C#, VB.NET or other 
.NET languages. 

A PUSH AND A PULL 

Power users, such as stockbro- 
kers who create Excel spread- 
sheets that include live market 
data, are asking for help, said 
Holtgrewe. Instead of cutting 
and pasting current stock price 
data into Excel every hour or so, 
they are asking enterprise devel- 
opers to automate that process 
for them, using Web services. 
"End users are saying, We need 



more technology, and we need to 
partner with [enterprise develop- 
ers] to get that,'" he said. "The 
change is both a push and a pull." 

At the same time Office 
users ask for help, management 
is trying to get a handle on what 
kinds of applications are out 
there, and how those applica- 
tions might expose the compa- 
ny to security risks. For 
instance, a financial analyst's 
spreadsheet is likely to include 
sensitive customer and compa- 
ny data. "We need to roll that 
information up on a daily basis, 
so a company can understand 
its exposure," Holtgrewe said. 

VSTO 2005 is expected to 
automate that process, using 
XML to pull relevant data from 
Excel or Word, and store it in a 
database, where it can be ana- 
lyzed later. 

Also new to VSTO 2005 are 
improved drag-and-drop capa- 
bilities, reducing the need to 
program against APIs, Holt- 
grewe said. For instance, creat- 
ing and displaying the action 
pane, which appears on the 
right-hand side of an Excel or 
Word application, required 15 



classes and 500 lines of code in 
VSTO 2003. A single line of code 
can accomplish the same task in 
the 2005 offering, he claimed. 

VSTO's predecessor, Visual 
Basic for Applications (VBA), 
originated in the early 1990s. 
But back in 1995, or even 2000, 
building simple solutions, such 
as linking to live financial data, 
took a "tremendous number of 
man hours," Holtgrewe said. 
VSTO 2003 added support for 
Web services and XML devel- 
opment, making life a little eas- 
ier, he said. 

Asked whether Office pro- 
grammers will be willing to turn 
their applications over to enter- 
prise developers, Holtgrewe said, 
"No one is bringing up die pow- 
er struggle. We are not taking 
away power from the end user," 
he said. "We are saying, 'Let the 
enterprise developer worry about 
the quality of the code.' " 

Are enterprise developers 
interested in working with appli- 
cations written in Word and 
Excel? A year ago they were not, 
Holtgrewe acknowledged. "But, 
today, they use them. They just 
don't talk about it." I 
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, NEW PRODUCTS, 




FMS is offering Total Access Ultimate Suite, a new collection of 
developer add-ins for Microsoft's Access database. The 12 tools in 
the suite include a static analyzer, ActiveX GUI components, e-mail 
interface, source code class library and spell checker. The suite 
costs US$1,999 per developer seat, plus $1,299 for annual support 
. . . AdaCore and CodeSourcery have jointly created 6++/GNAT 
Pro Joint Edition, an open-source IDE for native and embedded 
applications that uses both the Ada and C++ programming languages 
through AdaCore's GNAT Pro Ada tool set and CodeSourcery's 
G++ Pro compiler. AdaCore also introduced Ada Answers (www 
.ada-answers.com), a Web site for Ada developers . . . Khronos 
Group today announced that its implementation of the OpenML 
API is to be made available as open-source on SourceForge. The 
OpenML specification, based on the work by Silicon Graphics, is a 
media framework for the capturing, processing, synchronizing and 
playing of digital media content, including video, audio and 3D 
graphics, for authoring and content creation systems . . . Dundas 
Software is shipping Diagram for .NET, a new suite of dynamic dia- 
gramming tools and runtime server components for ASP.NET. The 
US$2,999 software includes an editor that turns sketches into com- 
plete diagrams, and components for letting users view and print 
diagrams, as well as libraries, templates and hosting tools . . . Active 
Endpoints is offering a new business process validation service 
at ActiveBPEL.org. Developers upload their BPEL and associated 
WSDL files to the site, run the validator, and get a report describing 
the code's compliance with the BPEL4WS 1.1 process definition 
specification. There is no charge for the OnDemand Validation 
Service . . . Wily has released Browser Response Time, an adapter 
for its Introscope application performance management software 
to monitor Web application response to end-user browser reguests. 
The adapter reports browser ► continued on page 27 
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Fair Isaac Targets Rule Reuse 



BY JENNIFER DEJONG 

Fair Isaac late last month 
released Blaze Advisor 6.0, 
adding a centralized repository 
and other features that facilitate 
the reuse of rules. 

The company also added 



templates that help developers 
better design and manage the 
rules that dictate how key busi- 
ness applications make deci- 
sions, said Ken Molay, a former 
director of product marketing 
for Fair Isaac who now is a con- 



sultant to the company. 

Replacing 5.5 delivered last 
June, 6.0 guides the developer 
through the process of structur- 
ing the repository and the rules 
it stores, and creating templates 
that let business users more 



easily update rules to reflect 
changes in a company's policy. 

A well-designed rules man- 
agement application should 
facilitate reuse, said Molay. But, 
traditionally, each rule applica- 
tion relies on a separate reposi- 
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tory. Blaze Advisor 6.0, which 
starts at US$50,000, provides a 
single repository. 

That facilitates reuse of wide- 
ly applicable rules, such as those 
that govern how an insurance 
company decides which drivers 
to insure. By contrast, other 
rules, such as "Never issue a pol- 
icy to a driver with a past drunk 
driving record," may pertain only 
to applicants in certain states, 
making them less suitable for 
wide reuse. 

Also new to 6.0 is the ability 
to search for reusable rules 
through queries, Molay said, 
such as "Show me all rules that 
apply to Sarbanes-Oxley" or 
"Show me all the rules that per- 
tain to a particular department." 

Fair Isaac, which competes 
with Mountain View, Calif. - 
based ILOG, also announced 
Blaze Advisor SmartForms late 
last month. The separate offer- 
ing, which has not yet been 
priced, applies validation rules 
to data entered in Web forms 
or call center applications, 
Molay said. I 

Oracle Adopts 
Fusion Brand 

BY YVONNE L. LEE 

Oracle set forth in April road 
maps for certifying that recent- 
ly acquired JD Edwards and 
PeopleSoft applications work 
with the company's middleware 
and application server. The 
company also rebranded its 
middleware applications. 

The middleware and appli- 
cation development products 
will be branded Oracle Fusion. 

Bick Schultz, vice president of 
product marketing, said the 
rebranding is designed to bring 
more attention to these products. 

"While there's still some per- 
ception that Oracle's a database 
company and that's it, the fact is 
we have these mature middle- 
ware products," he said. "We're 
in this middleware business, and 
this is a way to emphasize it." 

In addition to the rebrand- 
ing, Oracle in the second quar- 
ter of this year will certify that 
PeopleSoft applications will 
work with Oracle's Internet 
Directory and BPEL Process 
Manager. In the third quarter, it 
will certify JD Edwards applica- 
tions with Oracle's portal server 
and J2EE application server. 
And in the fourth, it will certify 
PeopleSoft applications with its 
application server, portal server, 
integration products and identi- 
ty management products. I 
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Installers Keep Pace With Developments 



BY DAVID RUBINSTEIN 

The way software vendors cre- 
ate, package and sell applica- 
tions has changed from the days 
of a single application being 
made from one in-house code- 
base and offered in only one edi- 
tion. And sellers of installation 
software have had to keep up 
with those changes, as compo- 
nents and Web services are 
brought into the applications, 
which then may be bundled into 
suites with other applications. 

Two of the major installer 
suppliers — Macrovision and 
Zero G — have updated their 
tools to reflect these changing 
times. 

"The integration of applica- 
tions widi databases, application 
servers and Web servers has 
forced us to keep pace," said Bob 
Corrigan, InstallShield product 
manager at Macrovision, which 
acquired InstallShield in July 
2004. To that end, the company 
late last month issued version 11 
of the software. Meanwhile, this 
week, Zero G is expected to 
release version 7 of its flagship 
InstallAnywhere utility. 

Among die new features in 
Macrovision s InstallShield 11 is 
Windows Installer 3.1, the latest 
Microsoft runtime with im- 
proved support for patching. 
Starting on April 12, Corrigan 
said, Microsoft began pushing 
ISVs to support the MSI run- 
time. There also is support for 
IIS 6 and native support for Ora- 
cle databases, added to support 
for SQL Server and MySQL. 
The product now also supports 
RPM (Red Hat Package Manag- 
er) for Linux, which ensures 
software packages can be deliv- 
ered using the standard for the 
operating system, he added. 

Macrovision also has taken 
much of the functionality of its 
FLEXnet Publisher and creat- 
ed a service that sits atop 
InstallShield 11, extending the 
company's trialware features 
that determine the number of 
uses or days a product can be 
used before a purchase decision 
is required. 

Features also can be turned 
on or off via the new activation 
service, and a decision to buy 
the software can be acted on 
with as few as three clicks in the 
trialware, as demonstrated by 
Sonja Hickey, product manager 
for the activation service. The 
service will be priced separately 
from InstallShield 11, which 



costs US$2,499 for the Premier 
Edition and $1,399 for the pro- 
fessional edition, which does 
not have RPM support, net- 
work repositories or a software 
condenser. 



At Zero G, InstallAnywhere 7 
now can install the J2SE 5 run- 
time, and includes a Windows 
Installer build option. "For peo- 
ple who run Windows, the capa- 
bilities of InstallAnywhere and 



InstallAnywhere.NET give you 
the ability to create MSI [pack- 
ages] from within the project," 
said Carlos Araya, InstallAny- 
where product manager. Also 
new is the ability to share com- 



ponents between apps and to 
check dependencies on other 
installations, he added. 

"For a long time, desktop 
installation was it," said Abir 
Majumdar, another product 
manager. "Now they're not 
installing an application but 
being part of the software 
ecosystem." I 
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Fujitsu Targets U.S. With Bundle 



i continued from page 1 



hardware," said Dennis Byron, 
application deployment software 
research analyst at IDC. 

Most of the company's sales 
are in Japan. Fujitsu America's 



software revenue is only $2 the United States, one of the 
billion. tricks Fujitsu plans to use to 

expand its presence in North 
TYING IN THE MAINFRAME America is to combine platform 
According to Robert Sepanloo, and software sales — bundling 
vice president of marketing in software with hardware. This 



approach has been successful in 
Japan, he said. 

Fujitsu America's software 
businesses have two main prod- 
uct lines: its NetCOBOL line 
and the Interstage application 




server and associated J2EE 
stack. Both rely on the main- 
frame customer base. 

"We have two business 
plans," said Ron Langer, senior 
director of languages, who is in 
charge of the NetCOBOL line. 
"One is just supporting cus- 
tomers who want to [continue 
to] write COBOL. The other is 
tools that make it easy to migrate 
specifically from the IBM main- 
frame to Windows and .NET" 

Langer's products include the 
NetCOBOL compilers, the 
PowerCOBOL integrated devel- 
opment environment, NeoKicks 
tools for running CICS applica- 
tions on .NET, and zBatch batch 
production conversion tools, as 
well as forms, conversion utilities 
and data merge tools. The line 
includes products for HP-UX, 
Linux, the .NET Framework, 
Solaris and Windows. 

The group also makes For- 
tran compilers and human lan- 
guage tools, Langer said. 

Langer claimed that organi- 
zations have been able to save 
between 60 percent and 90 per- 
cent when they migrate their 
business applications from main- 



FUJITSU WORKFLOW 
THROUGH THE YEARS 



1991 Fujitsu begins developing 
groupware technology. The 
project is called Regatta. 

1993 The term "workflow" 
becomes accepted, and Fujitsu 
joins the WfMC (workflow man- 
agement coalition). 

1994 The product evolves into 
a commercially available offer- 
ing called Teamware Flow. 

1996 Fujitsu discovers Java 
and rearchitects the product 
from C++ to Java. 

1998 Fujitsu releases its next 
generation workflow product, 
called iFlow. 

2001 The term "BPM" be- 
comes accepted, and Fujitsu 
releases an enterprise edition 
of iFlow to support EJB. 

2003 Fujitsu releases version 
6 of the iFlow BPM product and 
rebrands it as Interstage Busi- 
ness Process Manager. 

2005 Fujitsu releases version 7 
of Interstage Business Process 
Manager with BPEL support, 
enhanced BAM dashboards and 
packaged process templates. 
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of Products 



frames to Intel-based hardware 
running Microsoft Windows and 
.NET using Fujitsu's tools. 

"The challenge is [that] mov- 
ing systems takes time," he said. 
"Any time you change some- 
thing, there are risks involved. 
I've got to retest everything to 
make sure it still works. The cost 
differences are so dramatic that 
companies are willing to do that." 

STAGING AND INFILTRATION 

Sepanloo plans to sell Fujitsu's 
Interstage Java application 
server stack to organizations 
that need to comply with gov- 
ernment regulations, such as 
Sarbanes-Oxley, he said. 

He's using a strategy that he 
successfully used to sell OEM 
versions of SAP applications dur- 
ing his 10 years at Sun. That is, 
he plans to make use of sales of a 
particular product line to gain 
broader acceptance. In the case 
of SAP applications, he made use 
of that company's financial apps. 

At Fujitsu, Sepanloo is using 
the Interstage Business Process 
Manager, a workflow and collab- 
oration system formerly known 
as iFlow, and before that, 
Teamware, which now supports 
BPEL and has additional analyt- 
ics. The plan is to use the Busi- 
ness Process Manager to intro- 
duce the rest of the Interstage 
suite and to bring in the Inter- 
stage suite as part of focused 
business packages. 

The Business Process Man- 
ager has been shipping in the 
United States under one brand 
name or another since 1992. 

In addition to the Business 
Process Manager, the Interstage 
suite includes the Portalworks 
portal software, Xwand financial 
reporting, Shunsaku Data Man- 
ager information retrieval tools, 
and Contentbiz information 
viewing tools. 

Because of the company's 
focus on compliance, elements 
of the Interstage suite will work 
with other companies' app 
servers, said Lisa Schiltz, the 
group's director of marketing. "If 
you don't have our app server, 
our products are going to run on 
other app servers," Schiltz said. 

The company will not try to 
sell its application development 
stack on its own, but as part of a 
services bundle, she said. "The 
application server market is so 
saturated already. For us to come 
in and make a push there would 
make no sense," she added. 



Instead, the company will 
focus on delivering industry- and 
problem-specific packages, such 
as the Interstage Bisk Manage- 
ment Business Pack it developed 
with global consulting firm 



Deloitte & Touche. That package 
is marketed toward organizations 
that want to address labor, health 
and environmental regulations. 

To really make a dent in the 
application server market, 
Fujitsu would have to make an 
acquisition of an existing appli- 
cation server vendor, said Yefim 
Natis, analyst at Gartner. "For a 



non-North American company 
to break into North America is 
very hard," he said, citing Iona 
and Siemens as foreign compa- 
nies that succeeded. "The best 
chance for them to do it is with 
a major acquisition, such as an 
acquisition of BEA Systems." 

Sepanloo said that Fujitsu is 
open to acquisitions — but is 



focused more on partnerships. 
"Acquisition doesn't necessarily 
make you successful," he said. 

Specifically, it is moving 
from direct sales to a channel 
approach. Previously, the com- 
pany made about half its sales 
directly, but it now plans to sell 
about 80 percent through the 
channel, he said. I 
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Component Development 
Finds Home at IBM 



BY DAVID RUBINSTEIN 

IBM hopes its customers won't notice, 
but future versions of WebSphere and 
Rational products will be created using 
component-based development tech- 
niques, according to a distinguished 
engineer on the company's software 
group architecture board. 

"We just want our customers to say, 
'This just works better,' " said Ciaran 
DellaFera. The company has put forth a 
component model reference architec- 
ture that defines common components 
and assembly of the components, for 
reuse internally, and then offerings, 
which will go out to the public, he said. 
"For us, component-based develop- 
ment is the notion of building software 
offerings from reusable software con- 
stituent components." 

DellaFera acknowledged the concept 
is not a new one, citing the 1997 book 
"Software Revise: Architecture, Process 
and Organization for Business Success." 
"I feel like the software industry had col- 
lective amnesia," DellaFera said. "It's 
not that we've forgotten [component- 
based development], but patterns re- 



evidence themselves. The industry is 
feeling the pain. R's no longer a good 
idea. Now it's a necessity." 

One of the contributing factors to 
IBM's move to implement the strategy is 
the realization of what DellaFera called 
"community source" development — an 
open development environment internal 
to the company. "Community source 
and component-based development are 
kissing cousins," he said. He envisions 
one set of developers working on the 
components and assemblies, and anoth- 
er set working on the commercial offer- 
ings. This, he noted, requires strong 
requirements management, an area he 
said the company "is working on." 

DellaFera said the WebSphere 
Application Server and Business Inte- 
grator already had some component 
pieces built in, and that Lotus Work- 
place also was a product in which this 
effort was under way. 

The company's approach to compo- 
nent-based development began with 
bringing in developers to get feedback, 
as opposed to people in an ivory tower 
► continued on page 25 
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Turning Up the Volume on IP Protection 

Palamida's IP Amplifier scans code, binaries for licensing violations 



BY DAVID RUBINSTEIN 

Move over, Black Duck. Another 
intellectual property protection 
company is about to take wing. 
Palamida, a San Francisco-based 



start-up, released late last 
month a pilot version of the first 
commercial offering of its IP 
Amplifier product, being called 
version 3.0. 



"This is one of the new areas 
in the software industry born 
out of how people develop and 
deploy software as compared to 
five or six years ago," said Mark 



Tolliver, CEO of Palamida and 
formerly chief marketing and 
strategy officer at Sun. "As you 
go to component-based devel- 
opment, and open source and 
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outsourcing become more of a 
factor in development, if you 
don't know what's in the code, 
there could be elements you 
don't own, and there could be 
ramifications." 

Those ramifications could in- 
clude legal fees, such as those 
companies are incurring today to 
defend themselves in the legal 
action brought by The SCO 
Group in a wide-reaching copy- 
right infringement case, or the 
cost of development and lost 
time when an app must be rebuilt 
to remove any code that belongs 
to someone else, Tolliver noted. 

Aside from companies look- 
ing to protect themselves from 
lawsuits, understanding the 
property rights of code can help 
companies take advantage of 
such things as open-source 
development and offshoring. 
'You need to make sure there's 
a framework in place for people 
to not turn down an opportuni- 
ty because they don't know 
what to do with open-source 
code," he said. "The easiest 
thing is to say, 'No use of open 
source anywhere,' but you give 
away the opportunity to devel- 
op better software faster that it 
represents." 

Among the notable features 
in IP Amplifier are tools that 
automate the collection of open- 
source project information into 
the company's repositoiy from 
places such as SourceForge and 
Apache. "The database 
3.0 contains 40,000 of the most 
commonly used open-source 
projects," said Theresa Friday, 
one of die company's founders. 
"When we scan the code, we're 
literally scanning against bil- 
lions of source snippets in our 
database.' 

General availability of IP 
Amplifier is expected later this 
month, with pricing on a sub- 
scription model that ranges 
from US$50,000 to $250,000, 
depending upon size. 

The company also has creat- 
ed a tool called Coderank, which 
scans the code and returns the 
most relevant open-source 
usages at the top, much in the 
same way a Google search 
returns the most likely match to 
the request at the top, Tolliver 
said. "It also tells how unique 
die finding is, whether it's been 
used in one file or many It saves 
time in evaluating the results of 
the scan." He also said IP Ampli- 
fier can scan binaiy files as well 
as source code, because often 
the source beneath a binary is 
not accessible, such as in an 
image, icon or sound file. 
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Opening DOORS to Enterprise Architecture 



4 continued from page 1 

said, "in that our accounts will 
benefit from the additional prod- 
ucts, and theirs will get a higher 
level of architectural prowess 
with the larger IT issues, SOA 
and enterprise architecture. Peo- 
ple are moving from 'OK' to 
We've gotta do this.' " Before die 
acquisition, Telelogic employed 
760 people, 220 of whom are 
based in the United States. 

Popkin also raved about the 
technology synergies, calling 
them an "incredibly great fit. 
They have the same vocabu- 
lary we've been using, in terms 
of the concepts of repository 
and configuration controls. A 
lot of the customers that 
understand DOORS and Sys- 
tem Architect already under- 
stand modeling. Their concept 
of R&D is the same as ours — 
internationally based on a pro- 

AccordSQA Adds 
Load Testing To 
SmarteSQA Suite 

BY YVONNE L. LEE 

AccordSQA, which makes a 
performance testing tool that 
automatically gleans informa- 
tion about objects' character- 
istics on a page, this month will 
introduce a complementary 
load-testing tool. 

The main advantage of the 
new SmarteLoad tool is its inte- 
gration with the company's 
SmarteScript functional and 
regression testing tool, accord- 
ing to CEO Rick Vatcher. 
SmarteScript provides both 
natural language and code 
views of applications. It has an 
automated test case generator, 
and a regression manager that 
creates a list of tests to be exe- 
cuted as a single set each time a 
change has been made to the 
application. 

The new tool executes load 
tests from data generated from 
SmarteScript. 

SmarteLoad, which costs 
US$10,000 for 50 concurrent 
simulated users, generates its 
own scripts, measures transac- 
tions and analyzes performance 
in real time. It then generates 
reports and graphs. 

SmarteScript and Smarte- 
Load are part of the company's 
SmarteSQA Suite, which also 
includes SmarteRun, an auto- 
mation tool that works with 
Mercury's WinRunner. I 



ject basis with a global view." 

Ljungvahl indicated that 
over the next month or so, Tele- 
logic will work out the details of 
integrating the two product 
lines, saying that System Archi- 
tect would become a part of the 



company's automated life-cycle 
management suite that includes 
DOORS, the Synergy change 
management tools and the Tau 
modeling tools. System Archi- 
tect, Popkin added, still will 
stand on its own but now has a 



"whole neighborhood of prod- 
ucts around it. It covers IT 
systems, enterprise architec- 
tures, code generation, BPEL. 
Now we can get more leverage 
wherever we go." 

As for Jan Popkin, he'll 



remain with the new company as 
senior vice president involved in 
strategy and marketing. "Jan is a 
strong, powerful addition to our 
team," Ljungvahl said. "He's a 
visionary and a thought leader in 
the industry." I 



Your embedded database should work 
quietly behind the scene. 
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Eclipse World Technical 

Now 

EclipseWorld is for enterprise developers, architects 
arid development managers who want to take their 
company's applications to a higher level! 



Save money and improve 
developer productivity with Eclipse. 

Go beyond the IDE to master 
the wide range of Eclipse 
technologies. 

Discover the best, most effective 
Eclipse add-ins and plug-ins. 



Over 45 great classes 
to choose from! 
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Master techniques for 
building high-quality, 
more secure software. 

Get deep inside Eclipse's 
open-source architecture. 

Improve team collaboration 
using Eclipse. 



Keynote Speaker 



Mike Mitinkotfich ts the Executive 
director or the Eclipse Fb'jndabon. 
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management positions with Oracle, 
WebGain. The Object People, and 
Object Technology International Inc. 
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product management, ma rfcetirj-g , 
strategic pJann-ng, Finance and 
business development. 
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Security: More Than Good Practices 



4 continued from page 5 

percent said it was insecure/ 
very insecure, and 16 percent 
didn't know. 

Linux's scores were similar 
to Unix's: 74 percent secure/ 
very secure, 12 percent inse- 



cure/very insecure, 14 percent 
didn't know. 

Solaris also scored highly, 
with 66 percent saying secure/ 
very secure, 6 percent inse- 
cure/very insecure, and 29 per- 
cent didn't know. 



The respondents had a poor 
opinion of the security of Win- 
dows Server, with 38 percent 
calling it secure/very secure, 58 
percent replying insecure/very 
insecure, and only 4 percent 
saying that they didn't know. 



This question didn't satisfy 
all respondents. "I don't 
believe it's a matter of one plat- 
form being 'more' secure than 
another," said Dave Venance, a 
product support manager. "I 
believe it is more a fact that 
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due to the popularity, certain 
platforms are targeted more 
than others, and as a result 
more effort is required to cre- 
ate a secure system. The type 
of people who are attempting 
to hack into a system or cause 
malicious problems are going 
to attack a system they will 
cause the most problems with. 
This will not likely be some- 
thing like z/OS." 

Even so, "Companies 
developing and distributing 
software for commercial end- 
use must be forced to provide 
guarantees against security 
defects," wrote Robert Swier- 
cz, managing director of The 
Portal of Montreal. "These 
companies must post bonds 
and must be held accountable 
(e.g. pay fines, etc.) when 
delays in fixing known or iden- 
tified defects result in dam- 
ages to end users." 

ARE YOU DOING A GOOD JOB? 

When asked if their organiza- 
tions were devoting enough 
resources to ensuring that 
applications are written and 
tested to be secure, nearly 
half — 49.5 percent — said that 
insufficient resources were pro- 
vided. Another 37.0 percent 
said that their organization 
devoted just the right amount 
of resources; 5.6 percent said 
they were devoting more 
resources than necessary, and 
8.0 percent didn't know. 

A different view was provid- 
ed by the question "How effec- 
tive are your company's efforts 
to improve software security?" 
Fully 62.8 percent said that 
their company's efforts were 
somewhat effective, and anoth- 
er 15.2 percent said the efforts 
were very effective. On the 
negative side, 10.6 percent said 
they weren't effective, and 4.5 
percent said there weren't any 
efforts at all. For this question, 
6.9 percent didn't know. 

"A project needs one single 
person whose sole (or at least 
primary) responsibility is to 
understand the whole system 
(both architecture/design and 
actual implementation), and to 
focus on identifying and pre- 
venting/eliminating vulnerabili- 
ties," advised Larry Crain, prin- 
cipal consultant with IDEA. 
"Therefore, if security is really 
an important goal for a project, 
there WILL be an empowered, 
highly qualified member of the 
team whose 'job 1' is to ensure 
the system is secure. If not, then 
any claims regarding security are 
just so much marketing hype." I 
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Component-Based Development Finds Home at IBM 



t continued from page 18 

dictating what works best, he 
said. "We asked, 'What do we 
care abovit in the software 
group? Is it the app server 
runtime, the tooling platform, 
the installation technology, or 
standard console manage- 
ment?' We established a short 
list and found the key core 
components." 

Development will occur on a 
consistent, internal core run- 
time with a sequence of stack- 
able capabilities on top, barken- 
ing back to the Unix stack of 
days gone by. "You add layers 

Web Services For 
WebSphere MQ 

4 continued from page 6 

is a native Java client API, 
which lets developers invoke a 
workflow through Java, as well 
as features that ease the in- 
stallation and configuration 
process, he noted. 

IBM also updated Web- 
Sphere Business Integration 
Modeler, designed to help 
business analysts map out busi- 
ness processes and import 
those models into IBM's inte- 
grated development environ- 
ment or Unified Modeling 
Language (UML) tools. Unlike 
the prior release, version 
5.1.1.2 lets analysts visually 
depict a process according to 
the compliance initiative, such 
as Sarbanes-Oxley, Six Sigma 
and HIPAA, which it is associ- 
ated with, said Crosby. The 
updated tool also can import 
and export XML files, in addi- 
tion to those based on the Busi- 
ness Process Execution Lan- 
guage and UML. 

New to WBI Server 
Express 4.4, IBM's integration 
offering for small- and medi- 
um-sized companies, are wiz- 
ards that guide developers 
through the process of con- 
necting to applications and 
accessing the information they 
want to move, Crosby said. In 
addition, the update provides 
precoded templates for con- 
necting with WebSphere Por- 
tal offerings and adapters for 
linking to TCP/IP, HTTP and 
for specialized health-care data 
protocols. "We have simplified 
the process," said Crosby. In 
small companies, "a few people 
know the IT stuff, but not at 
every site." I 



up through the stack, and this 
architecture enables IBM to 
respond with agility to changes 
in the market by reorganizing 
the pieces instead of rewriting 
everything top to bottom," he 



said. "We're creating a way to 
stitch the components together 
in a consistent manner." 

DellaFera emphasized that 
IBM does not want to force its 
customers to rip-and-replace 



existing installations with the 
new offerings. "I'm a strong 
advocate of not forcing master 
reset on customers. That's a 
killer to them. We want to 
evolve in the new technology 



and have it be very tolerant of 
what already exists. If they're 
running WebSphere 5.1, and 
we release 6.3, for example, it 
should have the ability to run 
back-rev versions." I 
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Moving Out of the DoubleWide 

Now Accenia, company hopes for new image, broader markets 



BY EDWARD J. CORREIA 

A new name, a new CEO and, 
hopefully, a new image. Shed- 
ding a moniker its directors 
believed cultivated an unseem- 
ly impression, DoubleWide 
Software Inc. last month 
changed its name to Accenia 
Inc., but kept the designation 
for its flagship embedded- 
system simulation tool. The 
company began shipping Dou- 
bleWide Studio 2.0 on April 25, 
claiming the tool is now faster 
and more capable. 

DoubleWide Studio is a 
US$15,000 per-seat GUI-based 
environment for Linux, Solaris 
and Windows hosts that permits 
developers to create custom 
simulations of embedded sys- 
tems running Linux, VxWorks 

as 



or any RTOS with available 
source code. 

"It's about four times faster 
than version 1.1," claimed com- 
pany founder and CTO Ross 
Wheeler of version 2.0, which 
enables users to greatly increase 
the number of systems that can 
be simulated at one time. "They 
had eight devices before; now 
we're at two dozen." 

Setting up the tool also is 
faster. "In die new product we've 
focused on ease of use and flexi- 
bility," he said. "Now you're able 
to use chips as tinker toys to 
put virtual systems together. 
Whether you want one chip, two 
or 12, you can do it very quickly." 

Most uptake of the tool has 
been in die network communica- 
tions market, but Wheeler said 




The company claims that improved performance of DoubleWide Studio 2.0 
permits simulation of more complex designs. 



the company hopes to gain trac- 
tion in the medical, military, 
aerospace, automotive and con- 
sumer industries. "We're focused 
on areas where there's a signifi- 
cant degree of complexity." Dou- 
bleWide 2.0 also now is integrat- 
ed with Rational's Purify and 
Compuware's Bounds Checker 
debugging tools. 

"The embedded systems 
space is still [using] sticks and 
stone axes compared to enter- 
prise development [tools]," 
asserted Peter Long, Accenia's 
vice president of marketing. 
"Embedded developers are still 
using very rudimentary tools. 
What DoubleWide brings to 
that process is to apply standard 
enterprise tools to the embed- 
ded space and provide accurate 
models of these products so 
developers can get to work on 
their projects much quicker." 

TRAILER TRASH 

Part of the problem with the 
company name, according to 
Wheeler, was the results from 
Web searches. "People would 
type in 'doublewide' and find 
ads for trailer parks," he said, 
which led to the decision to 
change it. "The board felt it was 
inappropriate for people to keep 
hitting those sites instead of 
ours." Among the board mem- 
bers is Bill Miskovetz, who in 
February added company presi- 
dent and CEO to his titles. 
Miskovetz formerly served in 
engineering and management 
posts at several network equip- 
ment companies. I 



QNX SDK Contains Web Services 

Momentics add-on exposes Neutrino-based devices to Web 



BY EDWARD J. CORREIA 

QNX Software Systems in early 
April released a software devel- 
opment kit that adds WSDL, 
SOAP and XML protocols to 
Momentics, its Eclipse-based 
development environment for 
C/C++ and Java. 

The SDK is compliant with 
version 1.0 of the WS-I's Basic 
Profile for Web services inter- 
operability, and will cost around 
US$20,000 per project; there 
are no royalties. 

The implementation, accord- 
ing to Momentics senior operat- 
ing system product manager 
Steven Furr, includes a module 



that when added to a device 
built with the company's Neu- 
trino RTOS acts as a Web ser- 
vices container for C/C + + and 
Java applications. "Once you've 
got that service container [on 
the device], you can deploy 
services of any type to it," 
including remote procedure 
calls, he said. 

Since the module interfaces 
at the networking layer, Furr 
claimed compatibility with a 
range of current Neutrino ver- 
sions. "And since it's delivered 
in source code form, it can be 
ported to older operating sys- 
tem versions," he added. HTTP 



is the default protocol; session 
initiation protocol (SIP) also is 
supported. 

Director of product man- 
agement Mark Roberts claimed 
that unlike commercially avail- 
able Web services containers, 
the company's homegrown 
solution features a relatively 
small footprint of about 40KB 
for a bare-bones implementa- 
tion, up to about 250KB for a 
system with transport-level 
encryption (HTTPS or SSL). 
"The overhead is all in the 
transport security. But because 
it's modular, you can add those 
protocols only if needed." I 




News Briefs 



, MORE PRODUCTS , 




< continued from page 13 

response time for all user requests, and automatically groups and 
reports metrics by URL, IP address or data center location. 



UPGRADES 



Mimer Information Technology has released Mimer SQL Mobile, an 

embedded database for Nokia's Series 60 smartphones. According to 
the company, the database supports data compression, multimedia 
data, transactions, stored procedures and triggers, and uses standard 
SQL. It also contains hooks for setting up access to remote databases 
via GPRS and 3G radio. The database was already available for other 
Symbian-based smartphones . . . Etnus is offering a version of its 
TotalView 64-bit debugger for Linux systems running on IBM's Power 
processors. The first Linux distribution supported on that processor is 
SUSE Linux Enterprise 9.0 .. . Citation Software has updated its Jaws 
PDF Editor SDK. Version 3.0 lets applications display and print PDF 
forms with text boxes, buttons, check boxes, combo boxes and radio 
buttons. It also lets data entered into a form be saved in either the 
form document itself or a separate PDF file, and includes a new ren- 
dering engine and enhanced text searching. The free SDK works with 
the US$39 Jaws PDF Editor . . . Spectrum Software has updated its 
source configuration management software, SpectrumSCM. The new 
release adds a three-way diff/merge tool in addition to the existing 
two-way diff/merge tool available in the product. Version 2.2 also adds 
a change request filtering mechanism that can be used to dynamical- 
ly adjust the user's view of change requests assigned to projects with- 
in the system. SpectrumSCM is a Java application that runs on JRE 
1.4.2 or later . . . DataMirror is shipping Transformation Server 4.7 
for z/OS, a real-time, bidirectional data integration solution that syn- 
chronizes mainframe data with information systems and business 
applications running on any platform. This release focuses on perfor- 
mance enhancements; DataMirror claims a 300 percent improvement 
. . . VMware is offering Workstation 5, an update of its desktop visu- 
alization software that lets developers connect multiple virtual 
machines together to simulate and test multitier applications. It also 
contains new or improved support for SUSE Linux Enterprise Server 9, 
Sun's Java Desktop and Novell Linux Desktop, as well as for the 64-bit 
versions of Windows XP, Windows Server 2003, Red Hat Enterprise 
Linux and SUSE Enterprise Linux. Workstation 5 costs US$189 via 
download, $199 for boxed retail software . . . Version 5.1 of VisualCon- 
nect, a mainframe integration package from GT Software, has dynam- 
ic cascading style sheet support, which lets developers manage the 
visibility of GUI controls displayed to the user through the use of 
dynamic style sheets. The GUI input and output text controls also now 
support right-click cut, copy and paste. 



PEOPLE 



Source configuration management server vendor AccuRev has hired 
Lome Cooper as president. Cooper, who most recently was president 
of the PeerDirect and NuSphere divisions of Progress Software, takes 
that title from founder Damon Poole, who remains as CTO . . . Soft- 
ware AG has promoted Theo Beack to be its new chief SOA architect. 
Beack, formerly the company's integration architect, has been with 
Software AG for 10 years. The company makes XML and database 
servers and tools. 



, STANDARDS , 



The first edition of the UBL 1.0 International Data Dictionary has 

been approved as a committee draft by the OASIS Universal Business 
Language Technical Committee and is now available for general use. 
The IDD defines more than 600 business transactions in Chinese, 
Japanese, Korean and Spanish, in addition to English. The dictionary is 
available at no charge in Excel and OpenOffice formats . . . BEA, IBM, 
Microsoft and TIBCO have submitted the latest version of their WS- 
ReliableMessaging specification, which comprises both protocol and 
policy assertions for Web services, to the OASIS standards body. I 
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The fast SCM system. 
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Tired of using a software configuration management system that stops you 
from checking in your files? Perforce SCM is different: fas! and powerful, 
elegant and clean. Perforce works at your speed. 
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May We Have 
The Envelopes Please... 



The past year, 2004, will be viewed as an important transi- 
tional period for enterprise software developers. Many 
trends evolved during those 12 months, moving from 
being new, interesting ideas to becoming part of our 
industry's infrastructure. 

The SD Times 100 is our attempt to recognize the players 
behind those trends. Each year, we seek to identify the 
movers and shakers. Not merely the biggest of the big (though 
such companies are nearly always influential), the companies 
and organizations cited in the SD Times 100 are those that 
we believe demonstrated the greatest amount of leadership, 
either through market clout or meaningful technological 
innovation. 

The word "meaningful" is important: A clever new tool or 
interesting paradigm isn't enough to demonstrate leadership. 
To lead, others must follow. We define the SD Times 100 as 
being those organizations, individuals or movements that were 
talked about, those that created not only great technology but 
also great buzz. 

Sometimes leadership drives an industry in the 
wrong direction. Such was the case with one of the 
most controversial companies mentioned in last 
year's SD Times 100, published in the May 15 
issue. We took some heat for naming The 
SCO Group as a top influencer. As we 




said at the time, "The company's legal assaults on IBM and Lin- 
ux users dominated 2003's tech headlines and shook up the 
open-source community. No other IT topic inspires such fervent 
debate, fear, uncertainty and doubt." 

Our choice was controversial. Many readers felt that by rec- 
ognizing SCO, we were endorsing the company's initiatives. But 
we stand behind our recognition of SCO, because the company 
set off a firestorm of debate within the entire IT industry, minor 
aftershocks of which are still being felt today. If that doesn't 
define influence, nothing does. 

Of course, lame may be fleeting. You won't find SCO listed 
among this year's SD Times 100 companies. Why? Even though 
the courts haven't yet ruled on the legal case, the software devel- 
opment community has voted the company, and its tactics, off 
the island. Open-source software is stronger now than it was 
before SCO began its assaults; look at the tremendous success of 
Eclipse and JBoss, for example, Sun's initiatives around Open- 
Solaris, and the re-emergence of Novell as serious player. In oth- 
er words, the FUD flopped. 

The about-face is so complete that this year's top influencer 
might be termed the anti-SCO. In fact, it's not an organization at 
all. To learn more, turn to page 31. 

Without further ado, we present the third annual SD Times 
100. We welcome your comments about our selections, at 
feedback@bzmedia.com. 
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MODELING 



The yardstick everyone measures against. 
"Atlantic" tied Rational's modeling tools to 
Eclipse 3.0 and to the rest of the IBM tool chain. 
Rose (now Rose XDE) remains the de facto standard modeler. 

Samuel J. Palmisano, CEO 




Artisan 

Leads by bringing UMLand 
SysML to real-time embedded 
systems. 

Borland 

Re-emphasizes modeling, brings 
UML to Microsoft's Team System. 

Embarcadero 

Product breadth maintains 
position at the forefront 
of data modeling. 



I-Logix 

Model-driven development 
focus of embedded development 
arena. 

Magic 

Business process and workflow 
designer eases integration 
troubles. 

Popkin 

Models entire enterprise 
architecture, not merely soft- 
ware projects. 



Select Business 
Solutions 

Drives UML specification, MDA 
from a component perspective. 

Telelogic 

Rounds out round-trip 
engineering among models, 
C++, Java code. 

Versant 

Maps server business 
objects, relational 
databases with UML. 




TOOLS & ENVIRONMENTS 

Wti The newly independent Eclipse community 

■s^^fr became all the rage with heady market buzz 

and third-party momentum for tools and 
plug-ins. A board packed with competitors makes a level playing field. 



'■^V ' 



Mike Milinkovich, Executive Director 



Altova 

Must-have XML toolbox added 
new data mapping, authoring 
gear. 

Borland 

Shopping spree yields fruit in 
integrated software delivery 
platform. 

BuildForge 

Juiced product cycles, agile 
methods call for solid 
build management. 



Compuware 

Tools, services place strong 
emphasis on models and best 
practices. 

IBM 

Agile delivery, big-picture 
plans drive Big Blue across 
the Atlantic. 

JetBrains 

Sharpens Java expertise in the 
Microsoft universe. 



Microsoft 

Despite delays, everyone 
focused on first foray into team 
life cycle. 

SlickEdit 

Demonstrates that agile 
development, code refactoring 
fits C++. 

Sun 

New JSF, JSP tooling 
creates solution to J2EE 
complexity woes. 



COMPONENTS & LIBRARIES 



lnfra g *stics L 



Went beyond Windows, Java component 
suite with resources to help application 



designers as well as developers; new test automation tools provide 




advantage for exercising presentation layer QA. 








Dean Guida, CEO | 
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ILOG 


Scientific Compone 


nt 


Custom IDE solutions, quarterly 


Process management made 


Stayed grounded with 


updates give GUIs flash and flair. 


easy with embeddable biz-rules 


components for serial 




system. 


communications, GPS. 


Dundas 






Charts, graphs, diagrams and 


LogicLibrary 


Software FX 


new gauges bring realism 


Asset manager expanded to 


One API to rule them all: Brought 


to .NET. 


SOA governance, federal 
architectures. 


consistency to Win32, .NET, Java. 


Flashline 




Visual Numerics 


Enterprise architecture, IT 


N Software 


Top purveyor of math libraries j 


t governance kits simplify 


Tackled B-to-B transactions with 


for C, Fortran, Java now JM 


■L. compliance. 


adapters for BizTalk, EDA, more. 


serves C#. j 





TEST & PERFORMANCE 

,/ Shaken and stirred: An innovative approach to 

Ap , it3r' J exerc ' s ' n 9 c °d e ra ' ses 

OtawiwMi the baron Java applica- 
tion quality. Test automation, clever tools 
and pushing testing back into the coding 
process are all winners. 

Jerry Rudisin, CEO 




Bugzilla 


IBM 


Mercury 


Embeddable bug-track- 


Everyone's tools com- 


First name in testing, 


ing tool is ubiquitous, 


pete with Rational or 


from load tests to gover- 


functional, practical. 


support Rational. Or 
both. 


nance to management. 


Compuware 




Quest 


Coordination between 


iTKO 


Scalable J2EE testing 


unit, functional testing 


Automated regression 


spans development, 


struck a solid QA note. 


testing without the code, 
without the hassles. 


massive deployment. 


Fortify 




Wily 


Even competitors know 


Klocwork 


Demonstrated leadership 


its source code analysis, 


Drove static analysis at 


in specs such as Byte 


simulation test tools. 


security, other code vul- 


Code Implementation jl 




nerabilities. 


in J2SE 5.0. J« 




COLLABORATION &SCM 




VA SOFTWARE 



A shift to Java and the launch of a site for build- 
ing add-ons to SourceForge helped maintain 
the company's position as the gold standard for 
internal and external collaboration efforts. 



Ali Jenab, CEO 




AccuRev 

Pushed change manage- 
ment upstream with no- 
tion of change streams. 

Borland 

Modeling, SCM and dev 
tool melding broaden 
collaboration appeal. 



IBM 

Rational tool set and 
WSAD form formidable 
collab environment. 

MKS 

Major suite built from 
scratch offers a truly 
seamless experience. 



Seapine 

Rolled bug-tracking, 
SCM, testing into a widely 
supported system. 

Serena 

Merant meant new 
dimension in distributed 
change management. 



CollabNet 


Perforce 


Telelogic 


Subverted SCM with solu- 


Cross-platform SCM 


Begins and ends with 


tions based on popular 


cranks raw performance, 


everyone on the 


Subversion system. 


price performance. 


same requirements 
page. 
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EMBEDDED & MOBILE 

t% *j*/i ^ e w ' re ' ess brides with numerous 
' l3 Jfwft\ ^Rs; irnplemented real-time JVM. 
Plus, Java Phone has become a 
de facto standard mobile platform— and archrival Microsoft 

isn't even close. 
Scott McNealy, CEO fa 




Axalto 

Brought .NET runtime to 
smartcards, long the purview 
of JavaCard. 

Enea 

Best of both worlds by combin- 
ing embedded Linux with hard 
RTOS. 

Green Hills 

Separation layer is clever way 
to support, secure Linux, 
Windows. 



IBM 

Striding briskly into 
embedded technologies as 
it evolves ChipOS. 

Microsoft 

It's no game: Software finds 
incredible diversity of design 
wins. 

PalmSource 

Generated buzz with Linux 
strategy, acguisition of China 
MobileSoft. 



Sybase 

Say what? Plain-language 
mobile guery system has big 
implications. 

Trolltech 

Keeps gaining traction, 
mindshare with cross-platform 
GUI toolkits. 

Wind River 

Linux embrace threw a 
monkey wrench into 
either/or RTOS debate. 



INTEGRATION & MIDDLEWARE 



Informix spin-off strengthened 
its leading market position and 
strategic alliances as integration player— so much that IBM, which 
bought the rest of Informix, ultimately acguired it too. 

Peter Gyenes, CEO 



J 



BEA 

WebLogic Integration boosted 
the company's enterprise 
standing. 

Fiorano 

Drives ESB by combining 
event/trigger and query/ 
response methods. 

JBoss 

Made waves with announce- 
ment of Enterprise 
Middleware System. 



Microsoft 

Opening up with Web services 
spec collaboration, BizTalk 
adapters. 

Oracle 

Work in 10g, E-Business Suite 
pushed business process 
integration. 

Pervasive 

Demonstrated the power and 
flexibility that ETL solutions 
can offer. 



Progress 

Strong combination of data 
access and Sonic-based ESB 
innovation. 

TIBCO 

Clever acquisitions garnered 
BPM, rich-client tools; profits 
soared. 

WebMethods 

Fabric melds integration 
broker with service- 
oriented architectures. 



DATABASE & DATA ACCESS 



ORACLE 



Oracle lOg, which came out in early 2004, 
pushed grids into the foreground; 

no competitors have a credible response. 10g R2 similarly raised the bar 

for database availability. 

Lawrence J. Ellison, CEO 




Business Objects 

With Crystal Reports, now offers 
top suite of biz reporting software. 

Embarcadero 

Agentless data management tools 
dominate enterprise deployments. 

IBM 

Open-source Cloudscape raised 
bar for Java, app-specific 
databases. 



Microsoft 

SOL Server power is being 
enhanced by Yukon's .NET 
integration. 

MySQL 

Forced many closed-source 
vendors to adopt open-source 
strategies. 

Progress 

With ObjectStore, Persistence, 
emerged as new data powerhouse. 



Sleepycat 

Innovator proves complex data can 
be mastered by small database. 

SolarMetric 

Moved to forefront with focus 
on data objects and JDO 
specification. 

Sybase 

Early leader in integration of 
RFID into enterprise database 
systems. 



DEPLOYMENT PLATFORMS 

mm - _ jfc Despite delays, the exercise 

mniCri^OSfGvt of Windows power 

continues to pay off, 
as seemingly half the world flocks to the .NET Frame- 
work and the other half scrambles to compete against 




. 



it or connect to it. 



Steve Ballmer, CEO 




BEA 

WebLogic's embrace of 
SOA keeps leader moving, 
albeit slowly. 

IBM 

Can't argue with market 
clout: WebSphere keeps 
gaining strength. 

JBoss 

"Professional open source" 
is more than a slogan- 
it's JBoss' reality. 



Macromedia 

Nobody comes close for 
mass-market rich-client 
Web environments. 

Macrovision 

Pricing, licensing, packag- 
ing, oh my: Its job is to 
protect the ISV. 

Novell 

Forget NetWare: Linux is 
the company's hot enter- 
prise server platform. 



Oracle 

Surprising innovation in 
Java grids, clusters and 
hostile takeovers. 

PalmSource 

Compact OS rebuffed 
enterprise plays from 
Microsoft, everyone else. 

Sun 

High-heat Solaris 10, 
low-cost Java Enterprise 
System shined bright. 



INFLUENCERS 



'The Bazaar' 

Corporate embrace of open- 
source communities kicked many 
projects to the next level. The 
commercial support now found 
in Eric Raymond's concept of 
The Bazaar creates the ideal 
synergy between altruism and 
enterprise acceptance. 
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eBay 

Web services APIs offer enterprises 
a new e-commerce paradigm. 

Eclipse Foundation 

Seemingly unstoppable momentum 
redefines competing tool chains. 

Cyber Security Division, 
U.S. Department 
of Homeland Security 

Finally, best practices for 
coding, testing to eliminate 
vulnerabilities. 

IBM 

developerWorks embraced 
developers, raised bar for 
everyone else. 



Microsoft 

Keeps folks guessing with promises 
of Longhorn, Yukon, Whidbey. 

Novell 

Instant Linux leader by snatching 
SUSE, building enterprise stack. 

Sun 

Retains tight control over JCP, sets 
agenda for Java technologies. 

Wal-Mart 

Mandate spurs supply chain to bring 
"Everyday Low Prices" to RFID. 



World Wide Web 
Consortium 

XOuery, Semantic Web show 
Internet innovator still has 
vision. 
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ThinkCAP 



ThinkCAP 6.0 simplifies and accelerates the development on 
Maintenance of J2EE-based web applications by 50% 
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Evolving the Java Platform 

Sun fellow gives a look beyond Java 5.0 through Mustang, Dolphin and more 




The Java platform continues to 
evolve at a brisk pace. More than 
100 new specifications are under 
development in the Java Com- 
munity Process as well as many 
smaller enhancements and refinements. 
This article highlights some of the key 
themes and directions for the next 
releases of Java 2 Standard Edition and 
Java 2 Enterprise Edition. 

With so many new Java initiatives 
going on, it's important to keep some 
high-level perspectives on what we at 
Sun and in the JCP are trying to achieve 
with the Java platform. For me, the key 
high-level value is increasing developer 
productivity. The Java community isn't 
creating new specifications for the fun of 
it; we're doing this because we believe 
they will help developers more easily 
create powerful commercial applica- 
tions. But we need to do more than just 
create stacks of specifications; we also 
need to keep a clear focus on making 
them easy to use. 

As part of both J2SE 5.0 and J2EE 
5.0, we introduced a new driving theme: 
"Ease-of-Development." The purpose of 
this theme is to continually remind us of 
the key root principle of developer pro- 
ductivity. It doesn't matter how powerful 
our APIs are — if they are too hard to 
use, they are not effectively helping 
developers. We need to continually bal- 
ance power, richness and simplicity. 

J2SE 5.0 AND BEYOND 

We delivered the J2SE 5.0 "Tiger" release 
last fall. It was our largest core Java 
update since JDK 1.0, and it introduced 
significant updates to both the Java lan- 
guage and the core platform APIs. 

One feature in Tiger that is going to be 
enormously important to enterprise 
developers is the introduction of an anno- 



tation mechanism into the Java language. 
These annotations permit a form of 
declarative programming, where devel- 
opers can specify desired behavior by 
marking source code with annotations 
rather than having to explicitly code up 
behavior. This style of annotation-driven 
programming is going to be a core value 
of the whole Java platform going forward. 
We are currently developing the two 
successor releases to Tiger. These are 
Mustang (J2SE 6.0), which will ship in 
the first half of 2006, and Dolphin 
(J2SE 7.0), which will ship around the 
end of 2007. We won't be doing a 5.1 
release; we will instead be providing 
regular small patch releases between 
our major releases. 

MUSTANG (J2SE 6.0) 

The J2SE 6.0 (Mustang) release in- 
cludes key updates across the core J2SE 
platform. The main driving themes of 
Mustang are: 

• Compatibility and Stability 

• Diagnosability, Monitoring and Man- 
agement 

• Ease-of-Development (including tools 
support) 

• Enterprise Desktop 

• XML and Web Services 

• Transparency 

Mustang will include a complete 
client-side Web services stack, based on 
the J2EE 5.0 stack, including support 
for all the main XML, SOAP and WS-I 
standards. 

On the desktop we will be continuing 
to refine GUI look-and-feel quality and 
tuning up the performance of the graph- 
ics layer to better exploit hardware accel- 
erators. This includes tuning for the new 
Windows Longhom release, to make sure 
that J2SE will look great on Longhom. 

As part of Ease-of-Development, we 



are including key updates to the JDBC 
database access API, where we are using 
Java annotations to simplify the specifi- 
cation and execution of typical database 
queries and updates. 

Probably the most significant single 
feature in Mustang is the addition of a 
full-scale scripting engine, including a 
lightweight JavaScript implementation. 
We think the Java language is great, but 
we also think that scripting languages are 
a valuable adjunct to the core language. 

DOLPHIN (J2SE 7.0) 

We are resisting the temptation to make 
Java language changes in Mustang. We 
recognize that James Gosling achieved a 
genuine masterpiece with the simplicity 
of the Java language design, and we want 
to be very cautious in evolving the core 
language. 

But at the same time, languages do 
need to evolve, and we are exploring a 
few key changes for the Dolphin release. 

We're interested in introducing 
direct support for XML into the Java 
language. Many Java developers work 
with XML, and we're interested in find- 
ing ways of smoothing that integration. 

We'd like to improve support for pro- 
gramming in the large. For example, 
we're interested in adding mechanisms 
to allow packages to explicitly share their 
package-private state with other pack- 
ages. We're also investigating signifi- 
cantly upgrading the Java packaging 
mechanisms to make it easier to bundle 
and distribute complex applications. 

The Java language is only one of 
many languages used with the Java plat- 
form. As part of Dolphin, we are plan- 
ning to add a new Java Virtual Machine 
instruction, which is targeted at so- 
called "dynamic languages," such as 
Groovy or Python. These languages 



need relatively elaborate mechanisms 
for executing method calls, and it seems 
that providing direct virtual machine 
support will both accelerate execution 
for these languages and provide final 
indisputable proof that the Java platform 
and the JVM are targeted at more than 
just the Java language. 

WHAT ABOUT J2EE? 

J2EE 5.0 is going to be the largest 
upgrade to J2EE since its initial introduc- 
tion in 1999. The core theme of J2EE 5.0 
is Ease-of-Development. We've always 
had a strong emphasis on power and scal- 
ability for J2EE. We want to retain that 
power but make it easier to exploit. 

Enterprise JavaBeans 3.0. The 
most important changes in J2EE 5.0 are 
to the transactional data access layer in 
EJB 3.0. 

First, there is a greatly simplified 
persistence mapping between relational 
database tables and in-memory Java 
objects. This replaces the existing J2EE 
persistence rules with a focus on Plain 
Old Java Objects (POJOs), which need 
to follow much simpler rules to achieve 
data persistence. 

Second, the rules for defining an 
object as a transactional EJB have been 
greatly simplified. Previously developers 
needed to create various ancillary inter- 
faces. That work has now been automat- 
ed, based on the new Java language 
annotations mechanism. 

EJB 3.0 eliminates most of the boil- 
erplate involved in creating transaction- 
al Java objects. This reduces the 
amount of code that needs to be creat- 
ed and maintained while keeping the 
real power. 

In addition to EJB 3.0, J2EE includes 

simplifications and enhancements across 

► continued on page 34 
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4 continued from page 33 

all the component J2EE standards, 
including notable upgrades to the core 
XML and Web services support. 

Web Services and SOA. There is 
strong industry interest in using XML- 
based Web services to create a service- 
oriented architecture (SOA) model for 
distributed systems. The attraction of 
Web services and SOA over earlier 
distributed systems models (such as 
CORBA, RMI or DCOM) is their focus 
on a more loosely coupled services mod- 
el, both in making it easier to map 
requests and data between different 
environments and in allowing the use of 
more asynchronous interactions. Among 
other virtues, this vision of Web services 
and SOA seems to offer a viable route to 
first-rate interoperability between the 
Java and .NET worlds. 

The cornerstone of Web services and 
SOA in the Java platform is the JAX- 
RPC standard. This defines a high-level 
Java programming model that is auto- 
matically mapped into the XML syntax 
of the Web services standards. 

JAX-RPC is being greatly simplified 
in J2EE 5.0 by the use of Java language 
annotations to specify the definition and 
use of Web services. It is now a simple 
matter of adding a few selected annota- 
tions to classes and methods to expose 
them as XML Web services for external 
use. In addition, the JAXB data-binding 
mechanism makes it easy to map 
between complex Java types and corre- 
sponding XML types. 

A key goal of JAX-RPC Web services 
support is cross-platform interoperabili- 
ty. For example, we want developers to 
be able to work with the J2EE JAX-RPC 
standards and have full interoperability 
with .NET applications using the 
Microsoft Indigo application model. 

This interoperability between JAX- 
RPC and Indigo occurs at two levels. At 
application development time, each 
environment supports mapping between 
language-level interface definitions and 
the XML Web Services Definition Lan- 
guage (WSDL) and mapping between 
language-level data definitions and XML 
Schema Definitions (XSD). 

This means that both Java and .NET 
applications are talking a common 
underlying vocabulary, even if that 
underlying vocabulary is sometimes 
expressed differently in Java and in C#. 
Then, at runtime, these application- 
level programming concepts are 
mapped into standard XML on-the-wire 
protocols, including using standard 
XML data encodings, the SOAP messag- 
ing layer, the HTTP and HTTPS trans- 
ports, etc. 

It often feels like there is an excess of 
Web services standards. How on earth 
can developers keep track of the latest 
evolutions of WS-Policy, XML Schema, 
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The practice of coding at the JAX-RPC level will preserve low-level interoperability. 



WS-Addressing, WS-Security, WS-Trust 
and WSDL 2.0, to mention just a few? 
The good news is that, by and large, you 
should never need to know about most 
of these. 

The shared goal of both JAX-RPC and 
Indigo is to provide high-level application 
programming models that allow defini- 
tion and use of Web services as normal 
language-level classes. Then behind the 
scenes, platform libraries map these Java 
or C# programming concepts into the 
various formatting and protocol stan- 
dards. Equally critically, as the standards 
evolve, the application layer can remain 
constant and the runtime libraries can 
buffer the applications from the details of 
the protocol du jour. 

Leading vendors, including BEA, 
IBM, Microsoft, Oracle and Sun, are 
cooperating in groups like the W3C and 
the Web Services Interoperability Orga- 
nization (WS-I) to make sure that there 



will be effective interoperability among 
their different protocol stack imple- 
mentations. These platform vendors 
will need to understand and implement 
all of these standards as part of creating 
their interoperable protocol stacks, but 
typical developers should never need to 
see them. 

My strong advice to Java Web ser- 
vices developers is to program to the 
high-level JAX-RPC and JAXB models, 
and wherever possible leave the XML 
plumbing and protocol details to the 
platform libraries. This will allow us to 
implement the interoperability details 
for you, including adding future support 
for new protocols without disrupting 
your applications. 

J2EE and JAX-RPC provide rich Web 
services support, and thus support the 
core service-oriented architecture model. 
However, while the ability to define and 
use Web services is a critical part of the 



SOA model, it is only the base level. 

One key goal of SOA is that after we 
define our distributed system compo- 
nents as XML Web services, we can then 
move on to integrating these compo- 
nents at a higher level to create enter- 
prise business systems. 

For example, various different parts 
of a business might create Web services 
to manage parts of inventory and order 
processing. Then, at a higher level, these 
component pieces can be integrated into 
a single order processing workflow. 

These issues are being addressed in 
various Java standards, notably the Java 
Business Integration standard (JSR 
208). These standards define a common 
integration model that will allow individ- 
ual Web services to be orchestrated into 
large business flows. 

The use of SOA for Web services 
business integration is likely to be a key 
focus of the Java community over the 
next few years. Much of this work is 
already emerging in parallel with J2EE 
5.0, and it may well be one of the central 
focuses for J2EE 6.0. 

LOOKING FORWARD 

A great deal of new development is 
going on in the Java platform, from 
devices to desktop to server. This article 
highlights a few key enterprise-focused 
themes, but this represents only a sam- 
pling of the many initiatives under way. I 

Graham Hamilton is a vice president 
and fellow within the Java platform 
team at Sun. 



Increasing Transparency: Project Peabody 



BY GRAHAM HAMILTON 

In addition to delivering features, one of 
our goals in Mustang (J2SE 6.0) is to 
increase transparency around how we 
develop both the specification and the 
implementation. 

All new Java specifications are devel- 
oped through the Java Community 
Process, with many companies and indi- 
viduals actively participating. As part of 
the JCP work for Mustang, we are com- 
mitting to improving transparency, 
including providing rapid public updates 
on changes to the Mustang spec. 

To improve access to the J2SE imple- 
mentation, we have launched what we 
call "Project Peabody." This will make it 
easier for developers to get access to 
J2SE sources and to participate directly 
in the evolution of J2SE, while still pre- 
serving the cross-vendor and cross-plat- 
form compatibility that we know is very 
important to the whole Java community. 

To allow improved source access, we 
have introduced three new simplified 
source licenses: 



The Java Research License (JRL). 

This simple two-page license allows 
access to the Java source code for evalu- 
ation and research purposes. Use this 
license if you simply want to read the 
J2SE source code. It also allows 
researchers to modify and distribute 
J2SE for research purposes. 

The Java Development License 
(JDL). This is a full-scale commercial 
license that allows commercial redistrib- 
ution of J2SE releases. Because it covers 
commercial redistribution, it requires 
users to pass the standard J2SE compat- 
ibility tests. This license is intended pri- 
marily for people who are doing new 
platform ports of J2SE. 

The Java Internal Use License 
(JIUL). This is a lightweight license 
intended to allow people to make bug 
fixes to the standard J2SE sources for use 
inside their company or organization. 
This license does not require you to pass 
the compatibility test suite. We still 
require that people agree to remain com- 
patible, but we're willing to allow this "on 



the honor system" for internal use. 

In addition to introducing these new 
licenses, we are becoming more trans- 
parent in how we do J2SE engineering. 
We are now providing complete public 
snapshots of our weekly engineering 
builds as both binary and source. This 
lets people see the full details of Mus- 
tang as we create the release. 

We are releasing our weekly builds 
for two main reasons. First, we'd like to 
allow developers to provide early feed- 
back on new features that are being 
developed in the JCP. By making avail- 
able early drops, we can let people pro- 
vide active feedback into the spec 
development process. Second, we'd like 
to allow people to contribute bug fixes 
and features into the release. By regu- 
larly making available the current 
source tree of the release, it will be 
much easier for people to contribute 
useful updates. Developers should 
check the mustang.dev.java.net site to 
see how they can now contribute to the 
J2SE core. I 
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EDITORIALS 

The New 
Open-Source Model 

When you read the third annual SD Times 100, 
beginning on page 29, you may be struck by the 
fact that many of the winners are, to a greater or lesser 
extent, embracing the open-source model. 

For some companies, such as JBoss and Novell, open- 
source projects are central to their entire business model. 
Others, like IBM and Sun, use open source strategically 
to gain support for their proprietary platforms and pro- 
fessional services. Still others, like Borland and Com- 
puware, offer closed-source tools that support open- 
source software. Of course, some players, most notably 
Microsoft, shun the whole idea. 

So, whether your organization approves of open-source 
software or not (and there are plenty who don't approve), 
the fact is, it's going to be a reality. Many pieces of open- 
source code, such as the Apache Web server, are embed- 
ded into many commercial and enterp rise-class products. 
Even many applications written for Windows or other 
non-open- source operating systems are coming through 
open source. 

The same is true of tooling. Are you using IBM's Batio- 
nal tools? Sun's Java Studio Enterprise tools? Those are 
now based on Eclipse and NetBeans, respectively. Some 
tools from BEA, Borland and others are increasingly built 
atop open-source tool chains or projects. 

Does that mean that SD Times is turning into Open 
Source Times? Not at all. We neither advocate nor oppose 
using open-source platforms and tools. Enterprise devel- 
opment teams should choose the best solution for their 
problems, whether it's commercial closed source, com- 
mercial but based on open source, or "pure" open source. 

Still, we would be remiss in not noticing that the open- 
source movement continues to pick up steam, and more 
and more parts of the software development life cycle 
have at least one foot (and maybe two) in that movement. 
We think you would be remiss in not noticing that as well, 
and finding the best way to leverage that for your own 
projects' best advantage. 

Dolphin-Safe Computing 

Java continues its slow but steady progress under the 
watchful eye of Sun and the Java Community Process. 
We're glad to see that worries about the forking of Java, 
which cropped up a few years ago, seem to have died 
down, and that the key participants in the process are 
apparently cooperating in advancing the platform in a sin- 
gle direction. 

The next major upgrade of Java, J2SE 6.0 (Mustang), 
appears to be focused on minor upgrades to improve its 
user interface and Web services implementation. We 
applaud the JCP's goal of improving support for scripting 
languages in this release; given how often Java is used in 
Web applications, the incorporation of JavaScript is long 
overdue. 

We're even more pleased that the next release, J2SE 
7.0 (Dolphin), plans not only to extend that support to 
other scripting languages, such as Python, but also to treat 
XML as a real language, instead of merely as a metadata 
construct. These are very, very good moves by the JCP I 



The Great Legacy Skills Debate 



The so-called "skills crisis" is 
once again big news, with 
Gartner recently reporting that 
most CIOs do not currently feel 
they have the right people in 
place to achieve their objectives. 
In the developer world, many 
would agree that a skills crisis is 
indeed looming, as the staff 
needed to maintain legacy host- 
based systems is approaching 
retirement, while the number of 
programmers educated in older 
languages is decreasing. 

However, before jumping 
into panic mode, we must con- 
sider the question of precisely 
which skills we mean. Only 
then can we provide a coherent 
statement on whether there is 
indeed a crisis looming. This 
may seem obvious, but to say 
there will be a legacy skills 
shortage is of limited usefulness 
until we are more specific 
about which particular applica- 
tions and languages, or systems 
software and operating environ- 
ments, we are referring to. 

In 2005, CIOs are expected 
to focus more on business inno- 
vation and bottom-line contri- 



bution than on pure infrastruc- 
ture enablement. Despite little 
in the way of increased budgets, 
Gartner reports that IT depart- 
ments are being asked to shift 
their focus toward growth by 
"improving, integrating and 
innovating operations using 
existing technologies and appli- 
cations." IT departments are 
being asked to deliver a bedrock 
of quality services on 
which a broader busi- 
ness strategy of inno- 
vation can be built 
and utilized. 

But for business 
growth to be deliv- 
ered on the back of 
existing technologies, 
IT departments must 
first acknowledge 
and embrace the val- 
ue of their so-called "legacy" 
systems. These often heavily 
customized applications are the 
cornerstones of the business 
world. Written some 15 to 20 
years ago, and currently attrib- 
uted with running 75 percent of 
the worlds business transac- 
tions, they clearly represent the 




bulk of the IT department's 
"value add." The ability of 
developers to unlock this value 
is the key to IT s contribution to 
the business. Finding the right 
skills with which to do it, there- 
fore, is high on the list of prior- 
ities for the CIO. 

CRISIS? WHAT CRISIS? 

There is a world of difference 
between the skills 
required to maintain 
a legacy system and 
those required to 
manage the legacy 
application itself. For 
example, mainframe 
systems administra- 
tors, responsible for 
job schedules, sys- 
tems security, operat- 
ing system upgrades 
and the like, have different skills 
than application developers cre- 
ating the company's business log- 
ic in languages like COBOL, 
PL/I and Fortran. 

Some of these skills are 
essential to ensure business 
continuity. Others are less so, 
depending on IT's strategy. 



SAN DIEGO — I had trouble 
sleeping last night, and it wasn't 
the hotel pillow. It was follow- 
ing my third day at the Software 
Security Summit, and I was 
tossing and turning, worrying 
about our software systems. 

And so should you. 

Your company's software is 
more likely than not to have 
security vulnerabilities, and it's 
just a matter of time before you 
get burned. So why did the 
attendance at the Software Secu- 
rity Summit barely top 200 
developers? Do you not believe? 
Are you saying things like, "It 
can't happen to me?" "Who 
would target my software; we're 
not Microsoft?" and "It's not a 
big deal; we have a firewall?" 

You need to get serious about 
testing your software for vulner- 
abilities and thinking about how 
to write more secure code now 
before you get burned. Bad. 

Have you been reading the 
papers lately? The hackers are 
winning. They took 120,000 
alumni records at Boston Col- 
lege. They grabbed 145,000 con- 
sumer credit reports and Social 
Security numbers from Choice- 
Point. They stole 310,000 Social 



Wake Up! 

Security numbers and credit- 
card data from LexisNexis. They 
nabbed about 1.4 million credit- 
card numbers and personal 
shopping information from giant 
Internet footwear - retailer DSW. 

Where were the LexisNexis 
developers while the 
Software Security 
Summit was going 
on? The data was lost 
because of "customer 
ID and password mis- 
use" — that sounds like 
compromised soft- 
ware to me. Where 
were the ChoicePoint 
developers? The Bos- 
ton College team? 

Wake up! 

All we've heard about for tire 
past two years is firewall and net- 
work security. Developers, de- 
velopment managers and archi- 
tects, of all people, should know 
better. Getting past the firewall 
isn't that hard, especially when 
using a little social engineering. 
And it's not just the outsiders — 
what about the people inside the 
walls? You've got to secure the 
software itself, and you've got to 
do it now. 

Its not that hard to do, but 



And Another Thing. 




you need to know what you're 
doing — or learn what to do, 
which is what you could have 
done at the Software Security 
Summit, which went beyond tire 
firewall to the software itself. 
As keynote Maiy Ann David- 
son, CSO at Oracle 
said, we need to band 
together like the "bad 
guys" do at events like 
the hacker conven- 
tion Defcon. Thous- 
ands of the black hats 
get together there to 
swap tips, tricks and 
techniques. It only 
takes one of "them" 
to figure out a vulner- 
ability, and suddenly every 14- 
year-old alienated pimply teenag- 
er has that information and may 
try to take you down just for fun. 
As an industry we're in a silo. 
We figure out a protection 
scheme and keep it to ourselves. 
We've got to band together and 
share, but the first step is to take 
software security seriously. I 

Ted Bahr is publisher of SD 
Times and president of BZ 
Media, producer of the Software 
Security Summit. 
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Knowing which is which is the 
next step in understanding 
whether you have a skills crisis 
within your organization. This 
is especially true when you con- 
sider that each one is responsi- 
ble for its own vital piece of 
those 75 percent of business 
transactions. Ignore them — or, 
more relevantly, confuse them — 
at your peril. 

OUT WITH THE OLD 

Much of the concern at the 
heart of the "legacy skills" 
dilemma is in regard to the 
age of the work force. The 
popular view is that many of 
the staff with appropriate skills 
will soon be retiring, taking 
with them, as they leave, not 
only the systems expertise they 
have accumulated, but also 
much of the business knowl- 
edge they acquired through 
years spent molding infor- 
mation technology to the 
ever-changing contours of the 
corporation. 

This certainly is an issue, 
with the average age of federal 
government IT workers just shy 
of 50, and a recent survey of 
COBOL programmers in the 
U.S. finding the average age to 
be between 42 and 49. How- 



ever, given that most of these 
workers still have a decade or 
more of regular employment 
ahead of them, the concern 
should be less on replacing 
their technical skills, important 
though these might be, and 
more on the business knowl- 
edge that they possess. 

Organizations must act now 
to map out their application 
portfolios in order to achieve 
a greater awareness of just 
how significant any loss of 
knowledge might be when 
staff members leave. Separat- 
ing strategic business knowl- 
edge from commodity IT 
skills, or indeed the skills asso- 
ciated with applications for 
which there is no strategic 
requirement, is a vital step in 
creating the appropriate skills 
initiatives. 

IN WITH THE NEW 

Another legitimate area of con- 
cern is whether enterprises 
will be able to recruit and 
retain the talented staff 
required to bridge the gap 
between the legacy world and 
the newer worlds of Web ser- 
vices, Java and .NET 

Where courses are still 
available for legacy skills, both 



the business and academic 
worlds acknowledge that 
teaching a language in isolation 
is no longer a priority. The 
requirement is for interoper- 
ability. This is reflected not 
only in the shape of courses 
appearing on the academic 
curriculum, but also in the fact 
that systems integrators are 
retraining legacy workers with 
more contemporary skills. 
EDS, for example, has recent- 
ly embarked on a retraining 
exercise for thousands of its 
mainframe veterans, updating 
them with the latest Java and 
.NET Web services skills. 

Academia moves at a slow- 
er pace, but is nevertheless 
working alongside the busi- 
ness world to ensure that 
needs are being met. There is 
a blurring of boundaries now; 
contemporary platforms are 
putting increasing pressure on 
the mainframe, and the main- 
frame world itself is embrac- 
ing Linux, Java and Web ser- 
vices, constantly eroding the 
divide between the old and 
the new. 

In order to retain skilled 
workers, organizations will 
have to offer a flexible envi- 
ronment that provides oppor- 



tunities to learn and utilize 
skills for working on a variety 
of technologies, both legacy 
and contemporary. Today's 
new IT professionals typically 
do not aspire to linear career 
paths, aligned around a single 
piece of technology, but rather 
relish the chance to swap roles 
more frequently. Organiza- 
tions can use this to their 
advantage as they introduce 
pockets of legacy technology 
on a project-by-project basis, 
building the services and busi- 
ness components required of 
an agile process-orientated IT 
infrastructure. 

With retirement of key 
legacy workers still some way 
off, there is plenty of time for 
the IT industry to ensure a 
smooth transition of skills, but 
only by working to attract new 
recruits and ensuring that 
existing staff members have 
every opportunity to impart 
their knowledge of the legacy 
systems and the business 
processes they encapsulate. I 

Mike Gilbert is vice president of 
product strategy for Micro 
Focus, which sells host develop- 
ment software for .NET, Java, 
XML and Web services. 



Letters to the Editor 



PLATFORM INDEPENDENCE 

Regarding Andrew Binstock's 
column in the April 1 issue 
["Three Good, Free C+ + 
Libraries," page 37]: I investi- 
gated all three libraries during 
my Ph.D. research in 2001-02 
(dissertation titled: "Multi-plat- 
form Software Development: A 
Tool Developers Perspective"). 

I found that the NSPR was 
not being maintained (at that 
time), and that the APR had not 
yet reached 1.0. As you men- 
tion, the licensing for NSPR 
could hurt some commercial 
applications, and needs to be 
handled with care. 

ACE was the most interest- 
ing to me, and I had several 
e-mail conversations with Prof. 
Schmidt, and he was quite 
helpful in pointing me to other 
references. 

The other approach I looked 
into was emulating POSIX/Unix 
on Windows and OS/2. There 
are several different options for 
Windows (Cywin and UWin 
(www.research.att.com/sw/tools 
/uwin), but for OS/2 I was only 
able to find one — EMX, though 
there is an ongoing effort to 
enhance at www.unixos2.org. 



Again, I'd like to thank you 
for opening up the readers eyes 
to the fact that there are plat- 
form independent ways of writ- 
ing code. My ideal is to have the 
same software run on any kind 
of computer. 
Jerry Heyman 
IBM Software Group 

ALL THINGS MUST PASS 

The Microsoft approach, being 
all things to all users, smacks of 
the ERP vendor's original 
claims ["Sending a Message," 
March 15, page 28]. However, 
in that arena, not a single appli- 
cation family from any ERP 
vendor could be considered 
"best in class." 

Before anyone fully under- 
stood that fact, billions of dol- 
lars had been wasted by thou- 
sands of firms in the quest for a 
single unified application set. 
They're still looking. . . 

Pete Ruth 



Letters to SD Times should include the 
writer's name, company affiliation 
and contact information. Letters be- 
come the property of BZ Media and 
may be edited. Send to feedback 
(fbzmedia.com. 



How Much Time Is 
Spent Debugging 
Embedded Applications? 

Developers say debugging embedded systems is the most difficult and 
time-consuming part of their job, according to an informal survey con- 
ducted at the Embedded Systems Conference in San Francisco earlier this 
year by Virtutech, a development tools vendor. 

The company received about 100 responses to its 18-question survey, 
which queried developers on the type of tools used, the time spent on 
each, salary, team size and the types of tools most needed. 

According to the survey, nearly one-third of embedded developers 
spend half to three-quarters of their time debugging; a few confessed 
spending even more time than that. About half of respondents spend a 
quarter to half their time finding software bugs. 

The most common debugging tools used by respondents were inter- 
active debuggers (62), in-circuit emulators (51) and hardware trace cap- 
ture tools (23). Interestingly, most developers still debug mainly on actu- 
al hardware (66) or on prototype hardware (39), despite the relative 
abundance of embedded system emulators. Respondents were permitted 
to select more than one tool in these categories. 
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Dual-Core Processors Changing Software 



In April, Intel and AMD made official 
what was widely known: They were 
shipping dual-core x86 processors. Dual- 
core is the technology by which two 
cores (that is, two instances of the 
instruction execution parts of the proces- 
sor) reside on the same silicon chip. 

This design, which first appeared 
commercially in RISC processors from 
IBM, has been embraced as the solution 
to a vexatious problem: The performance 
of existing x86 architectures could not be 
ratcheted up without consuming signifi- 
cantly more power. Power has two 
important cost components: One is the 
absolute cost of the electricity itself. The 
other is the natural by-product of push- 
ing that electricity through a resistor, 
such as the processor — heat. 

The performance/electricity ratio for 
processors looks like a hockey stick; the 
last two generations of chips passed the 
elbow in that curve. From here on, dou- 
bling processor performance every 18-24 
months (as implied by Moore's Law) 
would mean enormous leaps in heat 
generation. That much heat might be 
barely acceptable in a standard server, 
but it's a serious problem in clusters and 
a disaster in blade servers — not to men- 
tion laptops. 



Integration Watch 



The semiconductor vendors hit on the 
idea of combining two cores whose per- 
formance/electricity ratio was safely on 
the shallow segment of the hockey stick 
and put them together into one chip. 

The dual-core models do exactly this: 
They use two cores that run close to 
today's single-core speeds, but whose 
combined heat radiation is 
comparable to one of today's 
high-end processors. If you're 
running software that can 
make use of multiple cores, 
you get two fast engines 
instead of a single hotter, faster 
engine. For applications that 
can make use of both cores, 
this design delivers a clear per- 
formance benefit. 

Applications that can avail 
themselves of only one engine will not be 
richly rewarded. This point makes a 
strong case for threading client-side 
applications pronto. 

You might have a sense of deja vu as 
you read about two somewhat slower 
pipelines coming together to deliver a 
chip with faster overall performance. 
This is because Intel's Hyper-Threading 
Technology does precisely this, although 
it does so using different technology. The 




difference between hyper-threading, 
dual core and multiprocessor designs can 
be marked on a continuum that reflects 
how many of the execution resources are 
duplicated, and how many are shared. 

Hyper-threading represents one end 
point of this scale — it shares many 
resources between the execution pipe- 
lines. The other end point 
is multiple processors, where 
in theory, nothing is shared 
and everything is duplicated. 
AMD's processors truly do 
not share, because they dupli- 
cate the memory-manage- 
ment functionality. Intel's 
Xeon processors, by compari- 
son, funnel memory accesses 
through the same memory 
bus. Otherwise, though, they 
also duplicate all resources. 

Between these two endpoints — but 
closer to the multiprocessor end — lies 
dual-core. Intel and AMD processors 
have slightly different mixes oi the fea- 
tures they share, so it will be interesting 
to see which ones perform better and 
under what circumstances. 

Head-to-head tests will not be reveal- 
ing for a while because the two compa- 
nies are targeting different segments of 



the market. AMD is going after the serv- 
er market with dual-core Opteron 
processors, while Intel is deploying first 
on gaming desktops and high-end work- 
stations with dual-core Pentium chips. 
Eventually, both companies will be tar- 
geting all market segments with dual- 
core. There is no secret in this, as it is 
the only realistic option for increasing 
processor performance. 

A good question is how can dual-core 
processors be revved without heading 
into the danger zone of high electricity 
consumption? Quite simply by providing 
more cores. These multicore chips will 
probably appear on RISC systems, and 
then drift down into the x86 market. An 
intermediate step might be to follow the 
example of Intel's Power5 processor, 
which is to provide simultaneous multi- 
threading, which is the generic name for 
Intel's Hyper-Threading Technology, on 
the dual-core chips. In this way, each 
chip provides four execution pipelines in 
a two-pair arrangement. 

It's clear that the future of all desktop 
software development is threaded. So, if 
the advent of hyper-threading didn't get 
you to thinking about using threads in 
your client applications, this is surely the 
right time to dip your toe into program- 
ming for parallel processing. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. 



The Joy of Refactoring 



Refactoring is like garbage collection. 
It's not intuitive that it could work 
so well and yet, over time, results in 
code that's perhaps less than optimal, 
but probably better than expected. One 
persistent skepticism of agile methods is 
the fear that "the simplest thing that 
could possibly work" and "you ain't 
gonna need it" will lead to architectural- 
ly sloppy systems. 

In the heat of coding, it is generally 
easier to push forward, adding a field 
here, writing a new method there, than 
to reconstruct the thinking oi some long- 
ago day when a similar problem was 
addressed. Surely the end result of such 
a process will be a system with the 
integrity of a gnarled fishing line. 

To a generation oi C programmers, 
managed memory seemed a similar trap. 
"Need to store something for a bit? Just 
'new' it and forget it" flew in the face of 
every lesson learned from growing up 
with buffer overflows, memory leaks and 
heap fragmentation. Surely the end result 
of such a process will be a heap with the 
integrity of a gnarled fishing line. 

I was reminded of those long-ago 
concerns the other day, when looking 
at the heap profile of a client's system. 
I was using Microsoft's CLR Profiler 
(available at www.microsoft.com 
/downloads) and looking at a shape 
reminiscent of the teeth of a box saw: 



a series of small, right triangles. This is 
a common shape for an application with 
poor performance — the tight inner loops 
that are the core of any CPU-stressing 
program are allocating short-lived objects. 
The garbage collector is being triggered, 
if not every loop, every few seconds. 

The profiler told me which classes 
were being allocated in huge numbers 
and I found out that in every loop, an 
innocuous-looking {unction 
was allocating a class that itself 
managed a costly nonmanaged 
resource. Writing a caching 
class was the work of 15 min- 
utes and — bada-bing! — perfor- 
mance tripled. With some 
more simple refactorings, in 
less than an hour the applica- 
tion was ru nnin g five times 
faster than it had before. Every 
time I made a change, the "saw 
teeth" of the heap profile became flatter 
and less regular. Still, to achieve the ulti- 
mate performance goal, I needed to dou- 
ble the performance again. 

It was at that point that I was struck by 
the correspondence between garbage 
collection and refactoring. From one per- 
spective, time consumed by automatic 
memory management is "wasted," just as 
my work, which wasn't adding features, 
could be viewed as delaying the project. 
Equally, if you delay refactoring or mem- 



Windows &MT Watch 




ory management until there's a problem, 
the work is hard. If, on the other hand, 
you do a "first generation" refactoring 
sweep before you do a check-in, you'll 
find that the need for a more thorough 
"second generation" refactoring is 
delayed, and when the time comes for 
more thorough refactoring, the task will 
be clearer because of the improvements 
you've already put in place. 

The refactoring tools that 
are available for use in Visual 
Studio (including not just 
those in the Visual Studio 2005 
beta, but Refactor Pro from 
Developer Express, Refactoiy 
from Xtreme Simplicity, and 
my current favorite, Resharp- 
er from JetBrains) provide pri- 
marily "first generation" refac- 
torings. 

The majority of these 
refactorings, at a low level, actually cause 
slight performance hits — they often 
involve moving local code behind anoth- 
er method call or into another class. 
However, if there's one thing I've learned, 
it's that the cleaner the program design, 
the higher the ultimate performance. Not 
the initial performance, perhaps, because 
it's true that if you follow the exact same 
steps, inline code performs better than 
code that has a lot of function calls. 
However, the cleaner the system is 



designed, the easier to implement "sec- 
ond generation" refactorings — using 
caches and pools, precalculations, and 
replacing algorithms and data structures. 
These refactorings can provide perfor- 
mance boosts, not on the order of the 
microseconds of a virtual method call, but 
hundreds of percent or even orders of 
magnitude. And such dramatic wins are 
common at the level of hot spots. 

It's true that the tripling of whole- 
program performance I got from imple- 
menting a single cache is not an every- 
day win (would that it were!), but 
neither is it rare when working with a 
well-factored program. 

With memory, a clean program struc- 
ture can lead to clean heaps. A well-fac- 
tored program has classes that naturally 
sort themselves into longer- and shorter- 
lived categories, and the generational 
garbage collection of the CLR will tend to 
pack them fairly efficiently over time. Not 
as efficiently as a hand-tuned data struc- 
ture with known object sizes and explicit 
memory allocation can do, but better, in 
many cases, than most of us can do. 

In my case, it was an overly casual 
"'new' it and forget it" that caused a 
major performance hit, but the ease 
with which the problem fell to the right 
tool (a profiler) and the right techniques 
(continual refactoring) counts as another 
victory for agile methods. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his blog at 
www. knowing, net. 
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XML Digital Signatures in Mustang 



This column continues my look at the 
new features slated for the Java 6 
("Mustang") release. 

The dark underbelly of XML on the 
Web has always been security, a topic 
about which most programmers are woe- 
fully ignorant. Too often, programmers 
assume that a firewall will solve all their 
security problems. Unfortunately, they 
also look at the firewall as a nuisance, and 
they've worked diligendy to make firewalls 
completely ineffective. (I blame ignorant 
IT departments who refuse to open up 
legitimate "holes" in the firewall for this 
state of affairs.) Vast quantities of network 
traffic that has nothing to do with serving 
Web pages now funnel through port 80. 
It's as if the firewall isn't even diere. 

Returning to XML, an XML-based 
Web service is really a way to circumvent 
the firewall by allowing someone from 
outside to execute code inside your app 
server via port 80. Once a hacker is in the 
app server, he or she can wreak havoc. 
The real vulnerability in most systems is 
in the code itself, not the means of get- 
ting to the code. Hackers exploit bugs. 

Though there have been lots of XML 
security standards in the works, none of 
them has been sufficiently solid to be put 
into common use. Since nobody has been 
rolling his or her own security solutions, 



Web services have been very vulnerable 
to attack. The situation is compounded by 
tools that make XML/SOAP "easy" by 
automatically generating all the insecure 
wrapper code that you need to penetrate 
the firewall. None of this machine-gener- 
ated code could know about a roll-your- 
own security system, for example. 

To make XML transactions really 
secure, you need to deal with 
several aspects of die security 
equation. The diree big ones 
are confidentiality (encryption), 
audientication (of both the end 
user and the server) and access 
control. All three are compli- 
cated by the fact that the Web 
service may be distributed, and 
not all parts of die service may 
be under your control. (For 
example, you may be using a 
third-party credit-card processing service 

JSR 105 (XML Digital Signature API), 
slated for inclusion in Java 6, handles the 
authentication part of the equation. 
(Download the proposed final draft from 
jcp.org/en/jsr/detail?id=105). In particu- 
lar, JSR 105 allows die requester of an 
XML service to "sign" the request, there- 
by guaranteeing that the request comes 
from a trusted source. The server could 
simply refuse to execute die service if the 




requester isn't trusted, for example. Simi- 
larly, the reply can be signed by the serv- 
er, so that the requester can know that it's 
a legitimate response to the request. 

The proposed spec has most of 
the strengths and weaknesses of the 
existing crypto classes. On the plus side, 
die new APIs integrate well with the 
existing Java Cryptography Architecture 
(JCA) in that they're built 
around an easily managed 
"Provider" architecture. It's 
easy to plug new versions of 
■ the code that actually does 
the work into your system. 

There's a lot on the minus 

side, though. First, the APIs 

are built around the DOM 

r i> j , APIs, so you'll have to manu- 

\ I.. . j Ji facture a DOM from external- 
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ly provided XML in order to 
sign anything. Next, the APIs are too com- 
plicated. There are many more steps than 
are required by the existing digital-signa- 
ture APIs, and these steps will be very 
confusing to someone who doesn't know 
the Java crypto APIs cold (i.e., most pro- 
grammers who use XML transport). The 
documentation is also, as usual, inade- 
quate. There are, at least, a few examples, 
but there's precious little discussion of the 
APIs at die architectural level. 



The biggest problem with JSR 105 is 
that it's just too low-level — a weakness 
acknowledged in the JSR itself. In order 
to be really useful, the digital signing 
and verification process should be com- 
pletely transparent. Ideally, you will 
make a Java call to a Web service and the 
signing would be a side effect of the call. 
On the receiving end, an exception 
should be thrown if the initiator of the 
request isn't authorized to make the 
request. All of the APIs in JSR 105 
should be completely hidden. 

The other main omission is integration 
to an authentication system. Simply veri- 
fying that a request is signed is insufficient 
if you cannot also verify that the request 
came from a trusted sender. To do that, 
you need to integrate the verification 
process with some sort of authentication 
system. At minimum, I'd like to know that 
a valid certificate for the signing entity 
exists in a trusted key store on the receiv- 
ing server. 

So, the JSR 105 APIs give you the 
wherewithal to do the real work, but they 
are so complicated that I doubt that they 
will get used, and none of the real infra- 
structure required to validate an XML 
request is currently supported (or even 
imagined). It's a start, but doesn't go near- 
ly far enough. I 

Allen Holub is an architect, consultant 
and instructor in C/C++, Java and OO 
Design. Reach him at www.holub.com. 
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Anyone who thought rich Internet 
applications were just the reincarna- 
tion of fat-client software, or who thought 
it was a branch of software development 
and deployment that would wither and 
die, surely had to sit up and take notice 
when Adobe plunked down US$3.4 bil- 
lion for Macromedia last month. 

The synergies most discussed, of 
course, are between Adobe's 
Acrobat and Macromedia's 
Flash, both of which deliver 
content via client applications 
installed on millions of desk- 
tops worldwide. The Adobe 
Reader (which until last year 
was called Acrobat Reader) is 
used for PDF files, while 
Flash Player enables delivery 
of streaming media — audio, 
video and animation. 

Companies adopting Macromedia's 
solution mostly have used it for con- 
sumer Web applications, but also for in- 
house training videos. I'm sure you've 
seen the automobile company Web sites 
that start with a video of a car streaking 
down the Autobahn, and then let you 
build ovit a custom car based on features 
selected from a drop-down list, all the 
while totaling and retotaling the cost of 
the car based on those choices. Or the 
interior design sites that let you place 
furniture in a virtual room, then change 
the wall colors to match the furniture, 
and choose from carpeting or hardwood 
for the floors. HTML just doesn't cut it 
for these types of presentations. 

It is these consumer-facing applica- 
tions that seem an ideal place for the 
explosion of rich interfaces and presen- 
tations to occur. Make the user experi- 
ence more enjoyable and interactive, the 
argument goes, and win more cus- 
tomers, make more money and so on. 
However, the ability to share informa- 




tion applications, such as bank currency 
conversion applications that update new 
rates continuously for bank employees 
around the world without having to 
refresh every time a new quote is 
desired, is another side of the market. 

Certainly, Adobe saw the opportunity 
and gobbled up the acknowledged leader 
that brought immediate validity to the 
rich Internet application 
space in 2002. "It's exciting 
news," said Coach Wei, CEO 
at Nexaweb, which also has a 
rich Internet application plat- 
form. "Both companies have 
strong portfolios of consumer- 
oriented apps, and it creates a 
powerhouse company. It's a 
natural marriage." 

But was this a match 
made in heaven or a marriage 
oi necessity? Looming over everything 
that happens in the software world is 
Microsoft, which plans to introduce fea- 
tures in its upcoming Longhorn release 
of Windows XP designed to ease the 
merging of documents and content 
between applications, including rich 
content such as audio and video. Per- 
haps Adobe saw it would need the boost 
provided by Macromedia's development 
and platform software to stay important 
in the market. Microsoft's plan "is about 
connecting people and helping people 
communicate," Wei said. "It's the same 
thing Adobe does. That creates a com- 
petitive industry." 

Competitive to a point. There already 
has been some shakeout in the young 
market, as one of the originators, Curl — 
a venture begun by Worldwide Web cre- 
ator Tim Berners-Lee — was bought up 
by a Japanese concern and now has its 
business activity focused on the Asian 
market, and Laszlo decided to make its 
platform available for free as open- 



source software. Versalent and Nexaweb 
remain strong as well, as the companies 
look to find points of differentiation. 

For Nexaweb, it's ensuring mission- 
critical applications can be deployed on 
the Internet with reliability and high 
performance. "It's not about the sexy 
look or animation," Wei said. "It's about 
applications used by business users for 
hours eveiy day. These transaction sys- 
tems have to guarantee that all messages 
get delivered." Wei said if you want to 
run ERP/CRM apps or financial trading 
systems on the Internet, you don't want 
to run them on a platform optimized for 
visualization. 

Meanwhile, Laszlo, which turned over 
its presentation server to the open-source 
community back in October, reports that 
its second full fiscal quarter since then 
resulted in the company's best financial 
quarter ever. The company makes money 
on support and services, but also on com- 
mercial apps, such as e-mail applications, 
that run on the platform. Version 3 of its 
server, renamed OpenLaszlo, was 
released late last month. Also, an Eclipse 
plug-in for Laszlo is in the works, and 
third parties are creating applications 
such as LZDocs, a way to create docu- 
ments out of Laszlo applications. 

All this goes to show that the idea of 
rich Internet applications has gained a 
foothold. This is not just a return to fat- 
client deployment. It's about enhancing 
the experience of applications users, 
whether that includes shoppers visiting a 
Web site to choose a color of paint for 
their homes or financial advisers using 
an application to get up-to-the-minute 
quotes on stock, bond or mutual fund 
prices. 

So far, Macromedia has reaped the 
largest windfall to date from this market. 
Those benefits will now accrue to 
Adobe, but there should be plenty of 
room for the others to make money as 
well in this still-nascent market. I 

David Rubinstein is editor of SD Times. 




An investment group that purchased host access software vendor WRQ in January 
now has announced it will pick up one of WRO's rivals. The group, made up of Fran- 
cisco Partners, Golden Gate Capital and Thoma Cressey Equity Partners, has 

a definitive purchase agreement for Attachmate, founded in 1982. Terms of the 
private transaction were not disclosed. Both Attachmate and WRO approach host 
access in the same ways — emulation for end users, and direct access by software 
applications, according to Markus Nitschke, Attachmate's vice president of corpo- 
rate marketing. The combined company, which has yet to be named, will show 
more than US$200 million per year in revenue and will own 16 percent of the host 
access market, trailing only IBM. Frank Pritt, founder, president and CEO of Attach- 
mate, will retire when the deal is completed later this month. Jeff Hawn, chairman 
of WRQ since January, will become CEO of the combined company. Nitschke said 
the new company will not leave any customers of either original company "hang- 
ing on a dead-end technology road," explaining that at first, the company will 
bring the customer base together and then determine what the technology strat- 
egy will be going forward . . . Software testing and development services com- 
pany AppLabs Technoloqies has acquired KeyLabs. Terms were not disclosed. 
KeyLabs provides testing services for performance, scalability and proof of con- 
cept. AppLabs will keep on all KeyLabs employees in their Lindon, Utah, office, 



while KeyLabs' CEO joins AppLabs as executive vice president . . . BZ Media, pub- 
lisher of SD Times, has purchased the EclipseSource newsletter and associated 
Web sites from Penton Media. SD Times senior editor Edward J. Correia will serve 
as editor of EclipseSource, which will now be published every two weeks. 

EARNINGS: EMC Inc. reported revenue of US$2.24 billion for its first quarter 
of 2005, up 20 percent from the same quarter in 2004. Net income for the period 
was $270 million, or 11 cents per share. That's a 93 percent improvement over 
year-earlier net income of $140 million. The EMC Software Group reported revenue 
of $401 million in the first quarter, a year-over-year increase of 24 percent. 
VMWare, an EMC subsidiary, reported $80 million in first-quarter revenue, a record 
. . . Mercury reported first-quarter 2004 revenue of US$198.8 million, a 27 per- 
cent improvement compared with revenue of $156.8 million in the first quarter of 
last year. Net income was $31.4 million, or 32 cents per share, compared with $18.9 
million a year ago. Second-quarter revenue is expected to be in the range of $205 
million to $215 million, the company said . . . Business rules management system 
vendor IL0G announced fiscal 2005 third-quarter net income of US$1.1 million on 
revenue of $31.4 million. This represents 11 percent growth year over year, the com- 
pany reported. In the third fiscal quarter of 2004, revenue was $28.3 million. I 
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Gartner Symposium/ITxpo May 15-19 
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GARTNER 

www4.gartner.com/2_events/symposium/2005/spg7.jsp 
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Orlando, Fla. 
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Enterprise May 22-24 
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Key Biscayne, Fla. 

FAWCETTE TECHNICAL PUBLICATIONS 

www.ftponline.com/conferences/eas/2005 

Wind River 2005 May 22-25 

Worldwide User Conference 

Orlando, Fla. 
WIND RIVER 

www.windriverevents.com/userconference05 
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RED HAT 
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Tech-Ed June 5-10 

Orlando, Fla. 

MICROSOFT 
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Gartner IT June 6-8 
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June 6-8 
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st how easy MapFo 
kes j] Co exchange data between XM 1 
database. Hal tile a-nd EDJ tormats Sin 
drag connecting lines from information 
source (sj to targets j and drop ' 
pwcessirtg fundi! on 
data on-the-lly and a, 
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THE FRAMEWORK FOR ALL LAYERS OF APPLICATION DEVELOPMENT 

Studio Enterprise includes over HQ Date, Presentation Reporting^ and Transformation layer components and is the largest, most complete 
component toolset far Windows, Wpp, and Morjiie. application development eyailapfe en/ywhere. How does your toolset compare? 
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ComponentOrte 

Studio Enterprise 2005** 

Charting 

Visualize Your Data in Ways You 
Never Thought Possible. 



Theso Chart images show how dCTefopfcrs have t&rnprete control 
over custammng the look of ihelr en arts including: 3D Highlights. 
Gradient and H&tched Fills. Alpha BJending, Custom Textures 
(from on image J. Headers. I u-jluii. and Backgrounds. 






ttili 5lRL*ud fcHr-pnini PA' Ctiart ■III- 30 ElnjGto 
Sipumv AmJ-Ali&ng, Hummed Camera lor 
KradriLj. F^dIiti. L^niNr. anfl C.'.irl Araai. 
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RETORTING LAVER 



TRANSFORMATION UYfcfc 
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Coplnj fl^in Dynnminaiy in Wlcro:nft .CiET 
Cnrnpjnl Ffnmpwaih-fcsml Jjiplmun; 

- Optimized far 

s <d$ Visual Studio *nei 



Fatly Gwp!i pillar urqups liKliKlne. DomWrHTis^i rri iinHAJnn rjnirt;. p* Cmnj, 
mi ww ^m 3D EJfcra and ^inMt niGH»na 



Barcode for .NET 



Pimjinlcahj nwit? Iwrwdn? ssnnniju 
abiects And disalay tiHrn in your 
.NET applicant, 

■ Lasiiy add adreodet; La unpens. 
Efti «JI3 Web WgK, sanrtafl 
,NET PmlDwnnmjNL objuvii, 
and [two 

■ Csnibtfiftntlv pilii!, san^jinri 
irLahtpLiltiCe hnrwitai to HI 
nny appwuntiOn 

- Support Isir papular Unear and .nasal bafTHflfi types imikidlr^ Cadztz-; 
Cfjfi?12H. Cod&l9.C&d&rJ3. CadellnG. Eanll. EjmB. end SosIHih: 

- Auinmatrrj^Uy nrlrJ cnrHrci sjirtinls And Ehccksuirra 

■ BSfilty-liK- DMrLbutlDn; 

- Eray rkplr^mor*, ng barendij Inrrir. required 





^tf^ > me new online renurce (of visual Stud • .1. --.■ : . -i-, 
^^hF and Halp authors. AH ynur resources in Ma pisce. 

* FiXfJ ■, ■ 1 1 1 ! 1 1 1 1 1 1 pAintis 

* Sifffplt CttOJ ■ SunwchrKilf Orl linn Ii*-.i:innnla1lnn 

* ArllrJin ■ SHfmnnin AjipliCJlk-n: 
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nelpoeritfai. Mtmporieritone .com 



www.componentona.com .NET ■ A5ENET * Mobile ■ Active* 
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